Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2022-08-10 CVE-2022-25763 Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks.
network
low complexity
apache debian fedoraproject
7.5
7.5
2022-08-10 CVE-2022-28129 Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.
network
low complexity
apache debian fedoraproject
7.5
7.5
2022-08-10 CVE-2022-31778 Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache.
network
low complexity
apache debian
7.5
7.5
2022-08-10 CVE-2022-31779 Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian fedoraproject
7.5
7.5
2022-08-10 CVE-2022-31780 Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian fedoraproject
7.5
7.5
2022-08-09 CVE-2022-35724 Infinite Loop vulnerability in Apache Avro
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU.
network
low complexity
apache CWE-835
7.5
7.5
2022-08-09 CVE-2022-36124 Allocation of Resources Without Limits or Throttling vulnerability in Apache Avro
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
network
low complexity
apache CWE-770
7.5
7.5
2022-08-09 CVE-2022-36125 Integer Overflow or Wraparound vulnerability in Apache Avro
It is possible to crash (panic) an application by providing a corrupted data to be read.
network
low complexity
apache CWE-190
7.5
7.5
2022-08-04 CVE-2022-25168 Unspecified vulnerability in Apache Hadoop
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell.
network
low complexity
apache
critical
 9.8
9.8
2022-08-04 CVE-2022-27166 Cross-site Scripting vulnerability in Apache Jspwiki
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
network
low complexity
apache CWE-79
6.1
6.1