Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-23 | CVE-2022-33682 | Improper Certificate Validation vulnerability in Apache Pulsar TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle attacks, which could leak credentials, configuration data, message data, and any other data sent by these clients. | 5.9 |
| 2022-09-23 | CVE-2022-33683 | Improper Certificate Validation vulnerability in Apache Pulsar Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. | 5.9 |
| 2022-09-23 | CVE-2022-26112 | Unspecified vulnerability in Apache Pinot In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. | 9.8 |
| 2022-09-22 | CVE-2022-38398 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. | 5.3 |
| 2022-09-22 | CVE-2022-38648 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. | 5.3 |
| 2022-09-22 | CVE-2022-40146 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. | 7.5 |
| 2022-09-22 | CVE-2022-40705 | XXE vulnerability in Apache Soap 2.2/2.3 An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. | 7.5 |
| 2022-09-21 | CVE-2022-40604 | Use of Externally-Controlled Format String vulnerability in Apache Airflow In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction. | 7.5 |
| 2022-09-21 | CVE-2022-40754 | Open Redirect vulnerability in Apache Airflow In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. | 6.1 |
| 2022-09-20 | CVE-2022-40955 | Unspecified vulnerability in Apache Inlong In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. | 8.8 |