Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-11 | CVE-2022-39135 | Unspecified vulnerability in Apache Calcite Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. | 9.8 |
| 2022-09-08 | CVE-2022-28220 | Command Injection vulnerability in Apache James Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. | 7.5 |
| 2022-09-05 | CVE-2022-38369 | Session Fixation vulnerability in Apache Iotdb 0.13.0 Apache IoTDB version 0.13.0 is vulnerable by session id attack. | 8.8 |
| 2022-09-05 | CVE-2022-38370 | Missing Authorization vulnerability in Apache Iotdb 0.13.0 Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. | 7.5 |
| 2022-09-02 | CVE-2022-25370 | Cross-site Scripting vulnerability in Apache Ofbiz Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. | 5.4 |
| 2022-09-02 | CVE-2022-25371 | Unspecified vulnerability in Apache Ofbiz Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. | 9.8 |
| 2022-09-02 | CVE-2022-25813 | Code Injection vulnerability in Apache Ofbiz In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. | 7.5 |
| 2022-09-02 | CVE-2022-29063 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. | 9.8 |
| 2022-09-02 | CVE-2022-29158 | Unspecified vulnerability in Apache Ofbiz Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. | 7.5 |
| 2022-09-02 | CVE-2022-38054 | Session Fixation vulnerability in Apache Airflow In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. | 9.8 |