Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2022-03-14 CVE-2022-23943 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.
network
low complexity
apache fedoraproject debian oracle CWE-787
critical
9.8
2022-03-10 CVE-2021-38296 Authentication Bypass by Capture-replay vulnerability in multiple products
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled".
network
low complexity
apache oracle CWE-294
7.5
2022-03-05 CVE-2022-25312 XXE vulnerability in Apache Any23
An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7.
network
low complexity
apache CWE-611
6.4
2022-03-04 CVE-2022-26336 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception.
local
low complexity
apache netapp CWE-770
5.5
2022-02-25 CVE-2021-45229 Cross-site Scripting vulnerability in Apache Airflow
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
network
apache CWE-79
4.3
2022-02-25 CVE-2022-24288 OS Command Injection vulnerability in Apache Airflow
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
network
low complexity
apache CWE-78
6.5
2022-02-25 CVE-2022-24947 Cross-Site Request Forgery (CSRF) vulnerability in Apache Jspwiki
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover.
network
apache CWE-352
6.8
2022-02-25 CVE-2022-24948 Cross-site Scripting vulnerability in Apache Jspwiki
A carefully crafted user preferences form submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim.
network
apache CWE-79
4.3
2022-02-11 CVE-2021-44521 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Cassandra
When running Apache Cassandra with the following configuration: `enable_user_defined_functions: true`, `enable_scripted_user_defined_functions: true`, `enable_user_defined_functions_threads: false`, it is possible for an attacker to execute arbitrary code on the host.
network
apache CWE-732
8.5
2022-02-11 CVE-2022-24112 Authentication Bypass by Spoofing vulnerability in Apache Apisix
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API.
network
low complexity
apache CWE-290
7.5