Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-24948 Cross-site Scripting vulnerability in Apache Jspwiki
Carefully crafted user preferences for submission could trigger an XSS vulnerability in Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim.
network
low complexity
apache CWE-79
6.1
2022-02-11 CVE-2021-44521 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Cassandra
When running Apache Cassandra with the following configuration: enable_user_defined_functions: true, enable_scripted_user_defined_functions: true, enable_user_defined_functions_threads: false, it is possible for an attacker to execute arbitrary code on the host.
network
low complexity
apache CWE-732
critical
9.1
2022-02-11 CVE-2022-24112 Authentication Bypass by Spoofing vulnerability in Apache Apisix
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API.
network
low complexity
apache CWE-290
critical
9.8
2022-02-11 CVE-2022-24289 Deserialization of Untrusted Data vulnerability in Apache Cayenne
Hessian serialization is a network protocol that supports object-based transmission.
network
low complexity
apache CWE-502
8.8
2022-02-07 CVE-2022-22931 Path Traversal vulnerability in Apache James 3.6.1
The fix for CVE-2021-40525 does not prepend delimiters upon valid directory validations.
network
low complexity
apache CWE-22
4.3
2022-02-06 CVE-2022-23206 Server-Side Request Forgery (SSRF) vulnerability in Apache Traffic Control
In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.
network
low complexity
apache CWE-918
7.5
2022-02-04 CVE-2021-36151 Information Exposure vulnerability in Apache Gobblin 0.15.0
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems.
local
low complexity
apache CWE-200
5.5
2022-02-04 CVE-2021-36152 Unspecified vulnerability in Apache Gobblin 0.15.0
Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service.
network
low complexity
apache
critical
9.8
2022-02-04 CVE-2022-23913 In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
network
low complexity
apache netapp
7.5
2022-02-01 CVE-2021-44451 Insufficiently Protected Credentials vulnerability in Apache Superset
Apache Superset up to and including 1.3.2 allowed registered database connection passwords to leak to authenticated users.
network
low complexity
apache CWE-522
6.5