Vulnerabilities > Apache

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2022-02-11 | CVE-2022-24289 | Deserialization of Untrusted Data vulnerability in Apache Cayenne | Hessian serialization is a network protocol that supports object-based transmission. | network; low complexity; apache CWE-502; 6.5 |
| 2022-02-07 | CVE-2022-22931 | Path Traversal vulnerability in Apache James 3.6.1 | The fix for CVE-2021-40525 does not prepend delimiters upon valid directory validations. | network; low complexity; apache CWE-22; 4.0 |
| 2022-02-06 | CVE-2022-23206 | Server-Side Request Forgery (SSRF) vulnerability in Apache Traffic Control | In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach. | network; low complexity; apache CWE-918; 5.0 |
| 2022-02-04 | CVE-2021-36151 | Information Exposure vulnerability in Apache Gobblin | In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. | local; low complexity; apache CWE-200; 2.1 |
| 2022-02-04 | CVE-2021-36152 | Unspecified vulnerability in Apache Gobblin | Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. | network; low complexity; apache; 7.5 |
| 2022-02-04 | CVE-2022-23913 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. | network; low complexity; apache netapp CWE-770; 7.5 |
| 2022-02-01 | CVE-2021-44451 | Insufficiently Protected Credentials vulnerability in Apache Superset | Apache Superset up to and including 1.3.2 allowed passwords for registered database connections to leak to authenticated users. | network; low complexity; apache CWE-522; 4.0 |
| 2022-02-01 | CVE-2021-41571 | Incorrect Authorization vulnerability in Apache Pulsar | In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. | network; low complexity; apache CWE-863; 6.5 |
| 2022-01-27 | CVE-2022-23181 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products | The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. | local; high complexity; apache oracle debian CWE-367; 7.0 |
| 2022-01-26 | CVE-2021-41766 | Deserialization of Untrusted Data vulnerability in Apache Karaf | Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). | network; apache CWE-502; 6.8 |