Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-13 | CVE-2022-27479 | SQL Injection vulnerability in Apache Superset Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. | 9.8 |
| 2022-04-12 | CVE-2021-31805 | Expression Language Injection vulnerability in Apache Struts The fix issued for CVE-2020-17530 was incomplete. | 9.8 |
| 2022-04-07 | CVE-2022-26612 | Link Following vulnerability in Apache Hadoop In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. | 9.8 |
| 2022-03-28 | CVE-2022-25757 | Improper Input Validation vulnerability in Apache Apisix In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. | 9.8 |
| 2022-03-14 | CVE-2022-22720 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling | 9.8 |
| 2022-03-14 | CVE-2022-22721 | Integer Overflow or Wraparound vulnerability in multiple products If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. | 9.1 |
| 2022-03-14 | CVE-2022-23943 | Out-of-bounds Write vulnerability in multiple products Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. | 9.8 |
| 2022-03-05 | CVE-2022-25312 | XXE vulnerability in Apache Any23 An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. | 9.1 |
| 2022-02-11 | CVE-2021-44521 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Cassandra When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. | 9.1 |
| 2022-02-11 | CVE-2022-24112 | Authentication Bypass by Spoofing vulnerability in Apache Apisix An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. | 9.8 |