Vulnerabilities > Apache

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-06	CVE-2021-31522	Unsafe Reflection vulnerability in Apache Kylin Kylin can receive user input and load any class through Class.forName(...). network low complexity apache CWE-470 critical	9.8
2022-01-06	CVE-2021-36774	Unspecified vulnerability in Apache Kylin Apache Kylin allows users to read data from other database systems using JDBC. network low complexity apache	6.5
2022-01-06	CVE-2021-45456	Command Injection vulnerability in Apache Kylin 4.0.0 Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. network low complexity apache CWE-77 critical	9.8
2022-01-06	CVE-2021-45457	Incorrect Authorization vulnerability in Apache Kylin In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. network low complexity apache CWE-863	7.5
2022-01-06	CVE-2021-45458	Use of Insufficiently Random Values vulnerability in Apache Kylin Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. network low complexity apache CWE-330	7.5
2022-01-06	CVE-2021-36737	Cross-site Scripting vulnerability in Apache Pluto The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. network low complexity apache CWE-79	6.1
2022-01-06	CVE-2021-36738	Cross-site Scripting vulnerability in Apache Pluto The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. network low complexity apache CWE-79	6.1
2022-01-06	CVE-2021-36739	Cross-site Scripting vulnerability in Apache Pluto 3.1.0 The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks. network low complexity apache CWE-79	6.1
2022-01-04	CVE-2021-34797	Information Exposure Through Log Files vulnerability in Apache Geode Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". network low complexity apache CWE-532	7.5
2022-01-04	CVE-2021-38542	Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache James 2.2.0/3.3.0/3.4.0 Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. network high complexity apache CWE-327	5.9

Vulnerabilities > Apache {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Apache"}]}

Vulnerabilities > Apache