Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2022-08-04 CVE-2022-28730 Cross-site Scripting vulnerability in Apache JSPWiki
A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim.
network
low complexity
apache CWE-79
6.1
2022-08-04 CVE-2022-28731 Cross-Site Request Forgery (CSRF) vulnerability in Apache JSPWiki
A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account and then issue a password reset request from the login page.
network
low complexity
apache CWE-352
6.5
2022-08-04 CVE-2022-28732 Cross-site Scripting vulnerability in Apache JSPWiki
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim.
network
low complexity
apache CWE-79
6.1
2022-08-04 CVE-2022-34158 Cross-Site Request Forgery (CSRF) vulnerability in Apache JSPWiki
A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account.
network
low complexity
apache CWE-352
8.8
2022-07-28 CVE-2022-36364 Improper Initialization vulnerability in Apache Calcite Avatica
The Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via the `httpclient_impl` connection property; however, the driver does not verify that the class implements the expected interface before instantiating it, which can lead to execution of code loaded via arbitrary classes and, in rare cases, remote code execution.
network
low complexity
apache CWE-665
8.8
2022-07-24 CVE-2022-24294 Unspecified vulnerability in Apache MXNet
A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption.
network
low complexity
apache
7.5
2022-07-19 CVE-2022-34169 Incorrect Conversion between Numeric Types vulnerability in multiple products
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets.
7.5
2022-07-18 CVE-2022-35741 XXE vulnerability in Apache CloudStack
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection.
network
low complexity
apache CWE-611
critical
9.8
2022-07-18 CVE-2022-36127 Unspecified vulnerability in Apache SkyWalking
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1.
network
low complexity
apache
7.5
2022-07-18 CVE-2022-33891 OS Command Injection vulnerability in Apache Spark
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable.
network
low complexity
apache CWE-78
8.8