Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-29 | CVE-2022-44635 | Path Traversal vulnerability in Apache Fineract Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. | 8.8 |
| 2022-11-24 | CVE-2022-26885 | Unspecified vulnerability in Apache Dolphinscheduler When using tasks to read config files, there is a risk of database password disclosure. | 7.5 |
| 2022-11-22 | CVE-2022-41131 | OS Command Injection vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. | 7.8 |
| 2022-11-21 | CVE-2022-45470 | Improper Input Validation vulnerability in Apache Hama missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. | 7.5 |
| 2022-11-15 | CVE-2022-40308 | Unspecified vulnerability in Apache Archiva If anonymous read enabled, it's possible to read the database file directly without logging in. | 7.5 |
| 2022-11-14 | CVE-2022-27949 | Information Exposure vulnerability in Apache Airflow A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). | 7.5 |
| 2022-11-14 | CVE-2022-40127 | Code Injection vulnerability in Apache Airflow A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. | 8.8 |
| 2022-11-07 | CVE-2022-37866 | Path Traversal vulnerability in Apache IVY When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. | 7.5 |
| 2022-11-04 | CVE-2022-33684 | Improper Certificate Validation vulnerability in Apache Pulsar The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. | 8.1 |
| 2022-11-03 | CVE-2022-32287 | Path Traversal vulnerability in Apache Uimaj A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. | 7.5 |