Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-16 | CVE-2022-45047 | Deserialization of Untrusted Data vulnerability in Apache Sshd Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. | 9.8 |
| 2022-11-14 | CVE-2022-45136 | Unspecified vulnerability in Apache Jena SDB 3.17.0 Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. | 9.8 |
| 2022-11-14 | CVE-2022-45378 | Unspecified vulnerability in Apache Soap 1.2/2.2/2.3 In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. | 9.8 |
| 2022-11-07 | CVE-2022-42920 | Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. | 9.8 |
| 2022-11-07 | CVE-2022-37865 | Path Traversal vulnerability in Apache IVY 2.4.0/2.5.0 With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. | 9.1 |
| 2022-10-26 | CVE-2022-42468 | Unspecified vulnerability in Apache Flume 1.10.0/1.4.0/1.9.0 Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. | 9.8 |
| 2022-10-24 | CVE-2021-42010 | Improper Encoding or Escaping of Output vulnerability in Apache Heron Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. | 9.8 |
| 2022-10-18 | CVE-2022-39198 | Unspecified vulnerability in Apache Dubbo A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. | 9.8 |
| 2022-10-13 | CVE-2022-24697 | OS Command Injection vulnerability in Apache Kylin Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. | 9.8 |
| 2022-10-13 | CVE-2022-42889 | Code Injection vulnerability in multiple products Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. | 9.8 |