Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-01 | CVE-2021-41571 | Unspecified vulnerability in Apache Pulsar In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. | 6.5 |
| 2022-01-27 | CVE-2022-23181 | The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. | 7.0 |
| 2022-01-26 | CVE-2021-41766 | Deserialization of Untrusted Data vulnerability in Apache Karaf Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). | 8.1 |
| 2022-01-26 | CVE-2022-22932 | Path Traversal vulnerability in Apache Karaf Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. | 5.3 |
| 2022-01-25 | CVE-2021-45029 | Code Injection vulnerability in Apache Shenyu 2.4.0/2.4.1 Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. | 9.8 |
| 2022-01-25 | CVE-2022-23223 | Insufficiently Protected Credentials vulnerability in Apache Shenyu 2.4.0/2.4.1 On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. | 7.5 |
| 2022-01-25 | CVE-2022-23944 | Missing Authentication for Critical Function vulnerability in Apache Shenyu 2.4.0/2.4.1 User can access /plugin api without authentication. | 9.1 |
| 2022-01-25 | CVE-2022-23945 | Missing Authentication for Critical Function vulnerability in Apache Shenyu 2.4.0/2.4.1 Missing authentication on ShenYu Admin when register by HTTP. | 7.5 |
| 2022-01-24 | CVE-2022-23437 | Infinite Loop vulnerability in multiple products There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. | 6.5 |
| 2022-01-20 | CVE-2021-45230 | Unspecified vulnerability in Apache Airflow In Apache Airflow prior to 2.2.0. | 6.5 |