Vulnerabilities > Apache > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-20 | CVE-2022-46421 | Command Injection vulnerability in Apache Apache-Airflow-Providers-Apache-Hive: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 5.0.0. | 9.8 |
2022-12-13 | CVE-2022-46364 | Server-Side Request Forgery (SSRF) vulnerability in Apache CXF: A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. | 9.8 |
2022-12-02 | CVE-2022-46366 | Deserialization of Untrusted Data vulnerability in Apache Tapestry: Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. | 9.8 |
2022-11-23 | CVE-2022-45462 | Command Injection vulnerability in Apache Dolphinscheduler: Alarm instance management has command injection when there is a specific command configured. | 9.8 |
2022-11-22 | CVE-2022-38649 | OS Command Injection vulnerability in Apache Airflow: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. | 9.8 |
2022-11-22 | CVE-2022-40189 | OS Command Injection vulnerability in Apache Airflow: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. | 9.8 |
2022-11-16 | CVE-2022-45047 | Deserialization of Untrusted Data vulnerability in Apache Sshd: Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. | 9.8 |
2022-11-14 | CVE-2022-45136 | Deserialization of Untrusted Data vulnerability in Apache Jena SDB 3.17.0: Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. | 9.8 |
2022-11-14 | CVE-2022-45378 | Missing Authentication for Critical Function vulnerability in Apache Soap 1.2/2.2/2.3: In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. | 9.8 |
2022-11-07 | CVE-2022-42920 | Out-of-bounds Write vulnerability in multiple products: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. | 9.8 |