Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-29 | CVE-2022-32532 | Incorrect Authorization vulnerability in Apache Shiro Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. | 9.8 |
| 2022-06-14 | CVE-2022-25167 | Unspecified vulnerability in Apache Flume 1.4.0/1.9.0 Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 9.8 |
| 2022-06-13 | CVE-2021-37404 | Unspecified vulnerability in Apache Hadoop There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. | 9.8 |
| 2022-06-09 | CVE-2022-28615 | Integer Overflow or Wraparound vulnerability in multiple products Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. | 9.1 |
| 2022-06-09 | CVE-2022-31813 | Insufficient Verification of Data Authenticity vulnerability in multiple products Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. | 9.8 |
| 2022-05-23 | CVE-2022-29599 | In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | 9.8 |
| 2022-05-05 | CVE-2022-28890 | XXE vulnerability in Apache Jena 4.4.0 A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. | 9.8 |
| 2022-04-26 | CVE-2022-24706 | Unspecified vulnerability in Apache Couchdb In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. | 9.8 |
| 2022-04-13 | CVE-2022-27479 | SQL Injection vulnerability in Apache Superset Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. | 9.8 |
| 2022-04-12 | CVE-2021-31805 | Expression Language Injection vulnerability in Apache Struts The fix issued for CVE-2020-17530 was incomplete. | 9.8 |