Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-18 | CVE-2022-39198 | Unspecified vulnerability in Apache Dubbo: A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. | 9.8 |
2022-10-13 | CVE-2022-24697 | OS Command Injection vulnerability in Apache Kylin: Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. | 9.8 |
2022-10-13 | CVE-2022-42889 | Code Injection vulnerability in multiple products: Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. | 9.8 |
2022-10-12 | CVE-2022-40664 | Unspecified vulnerability in Apache Shiro: Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. | 9.8 |
2022-10-07 | CVE-2022-41672 | Unspecified vulnerability in Apache Airflow: In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. | 8.1 |
2022-10-06 | CVE-2022-40159 | Out-of-bounds Write vulnerability in Apache Commons Jxpath: ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. | 6.5 |
2022-10-06 | CVE-2022-40160 | Out-of-bounds Write vulnerability in Apache Commons Jxpath: ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. | 6.5 |
2022-09-28 | CVE-2021-43980 | The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long-standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. | 3.7 |
2022-09-23 | CVE-2022-24280 | Improper Input Validation vulnerability in Apache Pulsar: Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. | 6.5 |
2022-09-23 | CVE-2022-33681 | Improper Certificate Validation vulnerability in Apache Pulsar: Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy makes each client vulnerable to a man-in-the-middle attack. | 5.9 |