Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-22 | CVE-2022-40146 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. | 7.5 |
| 2022-09-22 | CVE-2022-40705 | XXE vulnerability in Apache Soap 2.2/2.3 An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. | 7.5 |
| 2022-09-21 | CVE-2022-40604 | Use of Externally-Controlled Format String vulnerability in Apache Airflow In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction. | 7.5 |
| 2022-09-21 | CVE-2022-40754 | Open Redirect vulnerability in Apache Airflow In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. | 6.1 |
| 2022-09-20 | CVE-2022-40955 | Unspecified vulnerability in Apache Inlong In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. | 8.8 |
| 2022-09-20 | CVE-2022-34917 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Kafka 2.8.0/2.8.1/3.0.0 A security vulnerability has been identified in Apache Kafka. | 7.5 |
| 2022-09-11 | CVE-2022-39135 | Unspecified vulnerability in Apache Calcite Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. | 9.8 |
| 2022-09-08 | CVE-2022-28220 | Command Injection vulnerability in Apache James Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. | 7.5 |
| 2022-09-05 | CVE-2022-38369 | Session Fixation vulnerability in Apache Iotdb 0.13.0 Apache IoTDB version 0.13.0 is vulnerable by session id attack. | 8.8 |
| 2022-09-05 | CVE-2022-38370 | Missing Authorization vulnerability in Apache Iotdb 0.13.0 Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. | 7.5 |