Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2022-45462 | Unspecified vulnerability in Apache Dolphinscheduler Alarm instance management has command injection when there is a specific command configured. | 9.8 |
| 2022-11-22 | CVE-2022-38649 | Unspecified vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. | 9.8 |
| 2022-11-22 | CVE-2022-40189 | Unspecified vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. | 9.8 |
| 2022-11-22 | CVE-2022-40954 | OS Command Injection vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. | 5.5 |
| 2022-11-22 | CVE-2022-41131 | Unspecified vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. | 7.8 |
| 2022-11-21 | CVE-2022-45470 | Unspecified vulnerability in Apache Hama missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. | 7.5 |
| 2022-11-16 | CVE-2022-45047 | Deserialization of Untrusted Data vulnerability in Apache Sshd Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. | 9.8 |
| 2022-11-15 | CVE-2022-40308 | Unspecified vulnerability in Apache Archiva If anonymous read enabled, it's possible to read the database file directly without logging in. | 7.5 |
| 2022-11-15 | CVE-2022-40309 | Unspecified vulnerability in Apache Archiva Users with write permissions to a repository can delete arbitrary directories. | 4.3 |
| 2022-11-15 | CVE-2022-45402 | Unspecified vulnerability in Apache Airflow In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. | 6.1 |