Vulnerabilities > Apache > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-14 | CVE-2022-45378 | Unspecified vulnerability in Apache Soap 1.2/2.2/2.3. In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. | 9.8 |
2022-11-07 | CVE-2022-42920 | Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. | 9.8 |
2022-11-07 | CVE-2022-37865 | Path Traversal vulnerability in Apache IVY 2.4.0/2.5.0. With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. | 9.1 |
2022-10-26 | CVE-2022-42468 | Unspecified vulnerability in Apache Flume 1.10.0/1.4.0/1.9.0. Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. | 9.8 |
2022-10-24 | CVE-2021-42010 | Improper Encoding or Escaping of Output vulnerability in Apache Heron. Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. | 9.8 |
2022-10-18 | CVE-2022-39198 | Unspecified vulnerability in Apache Dubbo. A deserialization vulnerability existed in Dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. | 9.8 |
2022-10-13 | CVE-2022-24697 | OS Command Injection vulnerability in Apache Kylin. Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. | 9.8 |
2022-10-13 | CVE-2022-42889 | Code Injection vulnerability in multiple products. Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. | 9.8 |
2022-10-12 | CVE-2022-40664 | Unspecified vulnerability in Apache Shiro. Apache Shiro before 1.10.0 has an authentication bypass vulnerability when forwarding or including via RequestDispatcher. | 9.8 |
2022-09-23 | CVE-2022-26112 | Unspecified vulnerability in Apache Pinot. In 0.10.0 or older versions of Apache Pinot, the Pinot query endpoint and realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support. | 9.8 |