Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-05 | CVE-2022-28890 | XXE vulnerability in Apache Jena 4.4.0 A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. | 9.8 |
| 2022-04-30 | CVE-2022-29265 | XXE vulnerability in Apache Nifi Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. | 5.0 |
| 2022-04-26 | CVE-2022-23942 | Use of Hard-coded Credentials vulnerability in Apache Doris Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. | 5.0 |
| 2022-04-26 | CVE-2022-24706 | Insecure Default Initialization of Resource vulnerability in Apache Couchdb In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. | 9.8 |
| 2022-04-20 | CVE-2022-29266 | Information Exposure Through an Error Message vulnerability in Apache Apisix In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information. | 5.0 |
| 2022-04-13 | CVE-2022-27479 | SQL Injection vulnerability in Apache Superset Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. | 7.5 |
| 2022-04-12 | CVE-2021-28544 | Information Exposure vulnerability in multiple products Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. | 4.3 |
| 2022-04-12 | CVE-2022-24070 | Use After Free vulnerability in multiple products Subversion's mod_dav_svn is vulnerable to memory corruption. | 7.5 |
| 2022-04-12 | CVE-2021-31805 | Expression Language Injection vulnerability in Apache Struts The fix issued for CVE-2020-17530 was incomplete. | 7.5 |
| 2022-04-07 | CVE-2022-26612 | Link Following vulnerability in Apache Hadoop In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. | 9.8 |