Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-20 | CVE-2022-46421 | Unspecified vulnerability in Apache Apache-Airflow-Providers-Apache-Hive Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0. | 9.8 |
| 2022-12-13 | CVE-2022-46364 | Unspecified vulnerability in Apache CXF A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. | 9.8 |
| 2022-12-02 | CVE-2022-46366 | Unspecified vulnerability in Apache Tapestry Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. | 9.8 |
| 2022-11-23 | CVE-2022-45462 | Unspecified vulnerability in Apache Dolphinscheduler Alarm instance management has command injection when there is a specific command configured. | 9.8 |
| 2022-11-22 | CVE-2022-38649 | Unspecified vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. | 9.8 |
| 2022-11-22 | CVE-2022-40189 | Unspecified vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. | 9.8 |
| 2022-11-16 | CVE-2022-45047 | Deserialization of Untrusted Data vulnerability in Apache Sshd Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. | 9.8 |
| 2022-11-14 | CVE-2022-45136 | Unspecified vulnerability in Apache Jena SDB 3.17.0 Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. | 9.8 |
| 2022-11-14 | CVE-2022-45378 | Unspecified vulnerability in Apache Soap 1.2/2.2/2.3 In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. | 9.8 |
| 2022-11-07 | CVE-2022-42920 | Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. | 9.8 |