Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-01-25 CVE-2022-23944 Missing Authentication for Critical Function vulnerability in Apache Shenyu 2.4.0/2.4.1
User can access /plugin api without authentication.
network
low complexity
apache CWE-306
critical
9.1
2022-01-18 CVE-2022-23305 SQL Injection vulnerability in multiple products
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout.
network
low complexity
apache netapp broadcom qos oracle CWE-89
critical
9.8
2022-01-10 CVE-2021-43297 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution.
network
low complexity
apache CWE-502
critical
9.8
2022-01-06 CVE-2021-31522 Unsafe Reflection vulnerability in Apache Kylin
Kylin can receive user input and load any class through Class.forName(...).
network
low complexity
apache CWE-470
critical
9.8
2022-01-06 CVE-2021-45456 Command Injection vulnerability in Apache Kylin 4.0.0
Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user.
network
low complexity
apache CWE-77
critical
9.8
2022-01-04 CVE-2021-40525 Path Traversal vulnerability in Apache James
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file.
network
low complexity
apache CWE-22
critical
9.1
2021-12-27 CVE-2021-45232 Missing Authentication for Critical Function vulnerability in Apache Apisix Dashboard
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication.
network
low complexity
apache CWE-306
critical
9.8
2021-12-23 CVE-2021-44548 Path Traversal vulnerability in Apache Solr
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network.
network
low complexity
apache CWE-22
critical
9.8
2021-12-20 CVE-2021-44790 A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).
network
low complexity
apache fedoraproject debian tenable netapp oracle apple
critical
9.8
2021-12-14 CVE-2021-45046 It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.
network
high complexity
apache intel cvat siemens debian sonicwall fedoraproject
critical
9.0