Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-14 CVE-2022-34271 Unspecified vulnerability in Apache Atlas
A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem.
network
low complexity
apache
8.8
2022-12-13 CVE-2022-46363 Unspecified vulnerability in Apache CXF
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration.
network
low complexity
apache
7.5
2022-11-29 CVE-2022-44635 Unspecified vulnerability in Apache Fineract
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code.
network
low complexity
apache
8.8
2022-11-24 CVE-2022-26885 Unspecified vulnerability in Apache Dolphinscheduler
When using tasks to read config files, there is a risk of database password disclosure.
network
low complexity
apache
7.5
2022-11-22 CVE-2022-41131 Unspecified vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files.
local
low complexity
apache
7.8
2022-11-21 CVE-2022-45470 Unspecified vulnerability in Apache Hama
missing input validation in Apache Hama may cause information disclosure through path traversal and XSS.
network
low complexity
apache
7.5
2022-11-15 CVE-2022-40308 Unspecified vulnerability in Apache Archiva
If anonymous read enabled, it's possible to read the database file directly without logging in.
network
low complexity
apache
7.5
2022-11-14 CVE-2022-27949 Unspecified vulnerability in Apache Airflow
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed).
network
low complexity
apache
7.5
2022-11-14 CVE-2022-40127 Unspecified vulnerability in Apache Airflow
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter.
network
low complexity
apache
8.8
2022-11-07 CVE-2022-37866 Unspecified vulnerability in Apache IVY
When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version.
network
low complexity
apache
7.5