Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-09 | CVE-2022-29404 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. | 7.5 |
| 2022-06-09 | CVE-2022-30522 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. | 7.5 |
| 2022-06-09 | CVE-2022-30556 | Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | 7.5 |
| 2022-06-09 | CVE-2022-31813 | Insufficient Verification of Data Authenticity vulnerability in multiple products Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. | 9.8 |
| 2022-06-09 | CVE-2022-24969 | Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. | 6.1 |
| 2022-05-31 | CVE-2022-30973 | Unspecified vulnerability in Apache Tika We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. | 5.5 |
| 2022-05-25 | CVE-2022-29405 | Unspecified vulnerability in Apache Archiva In Apache Archiva, any registered user can reset password for any users. | 6.5 |
| 2022-05-23 | CVE-2022-29599 | In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | 9.8 |
| 2022-05-17 | CVE-2022-26650 | Unspecified vulnerability in Apache Shenyu 2.4.0/2.4.1/2.4.2 In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. | 7.5 |
| 2022-05-16 | CVE-2022-25169 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. | 5.5 |