Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-12 | CVE-2022-24070 | Use After Free vulnerability in multiple products Subversion's mod_dav_svn is vulnerable to memory corruption. | 7.5 |
| 2022-04-12 | CVE-2021-31805 | Expression Language Injection vulnerability in Apache Struts The fix issued for CVE-2020-17530 was incomplete. | 9.8 |
| 2022-04-07 | CVE-2022-26612 | Link Following vulnerability in Apache Hadoop In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. | 9.8 |
| 2022-04-06 | CVE-2022-26850 | Exposure of Resource to Wrong Sphere vulnerability in Apache Nifi 1.14.0/1.15.0/1.15.3 When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. | 4.3 |
| 2022-04-05 | CVE-2022-23974 | Uncontrolled Recursion vulnerability in Apache Pinot In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. | 7.5 |
| 2022-03-30 | CVE-2022-25598 | Unspecified vulnerability in Apache Dolphinscheduler Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. | 7.5 |
| 2022-03-28 | CVE-2022-25757 | Improper Input Validation vulnerability in Apache Apisix In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. | 9.8 |
| 2022-03-23 | CVE-2021-44040 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. | 7.5 |
| 2022-03-23 | CVE-2021-44759 | Improper Authentication vulnerability in multiple products Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. | 8.1 |
| 2022-03-15 | CVE-2022-26779 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cloudstack Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. | 7.5 |