Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-09-11 CVE-2022-39135 Unspecified vulnerability in Apache Calcite
The SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE, introduced in Apache Calcite 1.22.0, do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack.
network
low complexity
apache
critical
9.8
2022-09-02 CVE-2022-25371 Unspecified vulnerability in Apache Ofbiz
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports.
network
low complexity
apache
critical
9.8
2022-09-02 CVE-2022-29063 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
The Solr plugin of Apache OFBiz is configured by default to automatically make an RMI request on localhost, port 1099.
network
low complexity
apache CWE-502
critical
9.8
2022-09-02 CVE-2022-38054 Session Fixation vulnerability in Apache Airflow
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.
network
low complexity
apache CWE-384
critical
9.8
2022-08-31 CVE-2022-37021 Deserialization of Untrusted Data vulnerability in Apache Geode
Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8.
network
low complexity
apache CWE-502
critical
9.8
2022-08-21 CVE-2022-34916 Unspecified vulnerability in Apache Flume 1.10.0/1.4.0/1.9.0
Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI and an attacker has control of the target LDAP server.
network
low complexity
apache
critical
9.8
2022-08-04 CVE-2022-25168 Unspecified vulnerability in Apache Hadoop
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before passing it to the shell.
network
low complexity
apache
critical
9.8
2022-07-18 CVE-2022-35741 XXE vulnerability in Apache Cloudstack
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection.
network
low complexity
apache CWE-611
critical
9.8
2022-07-06 CVE-2022-33980
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
network
low complexity
apache netapp debian
critical
9.8
2022-07-06 CVE-2022-32533 Unspecified vulnerability in Apache Jetspeed
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default, leading to a number of issues including XSS, CSRF, XXE, and SSRF.
network
low complexity
apache
critical
9.8