Vulnerabilities > Apache > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2022-11-14 | CVE-2022-45378 | Unspecified vulnerability in Apache Soap 1.2/2.2/2.3 | In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. | network | low complexity | apache | | critical | 9.8 |
| 2022-11-07 | CVE-2022-42920 | | Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. | network | low complexity | apache fedoraproject | | critical | 9.8 |
| 2022-11-07 | CVE-2022-37865 | Path Traversal vulnerability in Apache IVY 2.4.0/2.5.0 | With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. | network | low complexity | apache | CWE-22 | critical | 9.1 |
| 2022-10-26 | CVE-2022-42468 | Unspecified vulnerability in Apache Flume 1.10.0/1.4.0/1.9.0 | Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. | network | low complexity | apache | | critical | 9.8 |
| 2022-10-24 | CVE-2021-42010 | Improper Encoding or Escaping of Output vulnerability in Apache Heron | Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. | network | low complexity | apache | CWE-116 | critical | 9.8 |
| 2022-10-18 | CVE-2022-39198 | Unspecified vulnerability in Apache Dubbo | A deserialization vulnerability existed in Dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. | network | low complexity | apache | | critical | 9.8 |
| 2022-10-13 | CVE-2022-24697 | OS Command Injection vulnerability in Apache Kylin | Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. | network | low complexity | apache | CWE-78 | critical | 9.8 |
| 2022-10-13 | CVE-2022-42889 | Code Injection vulnerability in multiple products | Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. | network | low complexity | apache netapp juniper | CWE-94 | critical | 9.8 |
| 2022-10-12 | CVE-2022-40664 | Unspecified vulnerability in Apache Shiro | Apache Shiro before 1.10.0 has an authentication bypass vulnerability when forwarding or including via RequestDispatcher. | network | low complexity | apache | | critical | 9.8 |
| 2022-09-23 | CVE-2022-26112 | Unspecified vulnerability in Apache Pinot | In 0.10.0 or older versions of Apache Pinot, the Pinot query endpoint and realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support. | network | low complexity | apache | | critical | 9.8 |