Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-31 | CVE-2022-37023 | Deserialization of Untrusted Data vulnerability in Apache Geode Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. | 6.5 |
| 2022-08-25 | CVE-2022-22728 | A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. | 7.5 |
| 2022-08-25 | CVE-2021-25642 | Unspecified vulnerability in Apache Hadoop ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. | 8.8 |
| 2022-08-24 | CVE-2021-4040 | Out-of-bounds Write vulnerability in multiple products A flaw was found in AMQ Broker. | 5.3 |
| 2022-08-23 | CVE-2022-35278 | Cross-site Scripting vulnerability in multiple products In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. | 6.1 |
| 2022-08-21 | CVE-2022-34916 | Unspecified vulnerability in Apache Flume 1.10.0/1.4.0/1.9.0 Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 9.8 |
| 2022-08-16 | CVE-2022-38362 | Unspecified vulnerability in Apache Apache-Airflow-Providers-Docker Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. | 8.8 |
| 2022-08-15 | CVE-2022-37400 | Unspecified vulnerability in Apache Openoffice Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. | 8.8 |
| 2022-08-15 | CVE-2022-37401 | Unspecified vulnerability in Apache Openoffice Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. | 8.8 |
| 2022-08-10 | CVE-2021-37150 | Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. | 7.5 |