Vulnerabilities > Apache

Columns: DATE, CVE, VULNERABILITY TITLE, description, RISK (attack vector, attack complexity, affected vendors, CWE, severity, score).

2022-07-07  CVE-2022-28889
  Title: Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache Druid
  Description: In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking.
  Risk: network; apache; CWE-1021; score 4.3

2022-07-06  CVE-2021-37839
  Title: Improper Check for Dropped Privileges vulnerability in Apache Superset
  Description: Apache Superset up to 1.5.1 allowed authenticated users to access metadata information related to datasets they have no permission on.
  Risk: network; low complexity; apache; CWE-273; score 4.0

2022-07-06  CVE-2022-33980
  Description: Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
  Risk: network; low complexity; apache, netapp, debian; critical; score 9.8

2022-07-06  CVE-2022-32533
  Title: Unspecified vulnerability in Apache Jetspeed
  Description: Apache Jetspeed-2 does not sufficiently filter untrusted user input by default, leading to a number of issues including XSS, CSRF, XXE, and SSRF.
  Risk: network; low complexity; apache; critical; score 9.8

2022-06-29  CVE-2022-32532
  Title: Incorrect Authorization vulnerability in Apache Shiro
  Description: In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers.
  Risk: network; low complexity; apache; CWE-863; score 7.5

2022-06-27  CVE-2022-33879
  Title: Unspecified vulnerability in Apache Tika
  Description: The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler.
  Risk: local; low complexity; apache; score 3.3

2022-06-27  CVE-2022-26477
  Title: Resource Exhaustion vulnerability in Apache Systemds
  Description: The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion.
  Risk: network; low complexity; apache; CWE-400; score 7.5

2022-06-23  CVE-2022-34305
  Title: Cross-site Scripting vulnerability in Apache Tomcat
  Description: In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81, the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.
  Risk: network; low complexity; apache; CWE-79; score 6.1

2022-06-22  CVE-2022-32549
  Title: Improper Encoding or Escaping of Output vulnerability in Apache Sling API and Sling Commons LOG
  Description: Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection.
  Risk: network; low complexity; apache; CWE-116; score 5.0

2022-06-15  CVE-2021-33036
  Title: Path Traversal vulnerability in Apache Hadoop
  Description: In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to the yarn user can possibly run arbitrary commands as the root user.
  Risk: network; low complexity; apache; CWE-22; score 8.8