Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-04 CVE-2022-33684 Improper Certificate Validation vulnerability in Apache Pulsar
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration.
network
high complexity
apache CWE-295
8.1
2022-11-03 CVE-2022-32287 Unspecified vulnerability in Apache Uimaj
A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names.
network
low complexity
apache
7.5
2022-11-01 CVE-2022-42252 Unspecified vulnerability in Apache Tomcat
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
network
low complexity
apache
7.5
2022-10-26 CVE-2022-39944 Deserialization of Untrusted Data vulnerability in Apache Linkis
In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters.
network
low complexity
apache CWE-502
8.8
2022-10-26 CVE-2022-43766 Unspecified vulnerability in Apache Iotdb
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8.
network
low complexity
apache
7.5
2022-10-25 CVE-2022-41704 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.
network
low complexity
apache debian CWE-918
7.5
2022-10-25 CVE-2022-42890 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript.
network
low complexity
apache debian CWE-918
7.5
2022-10-07 CVE-2022-41672 Unspecified vulnerability in Apache Airflow
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
network
low complexity
apache
8.1
2022-09-22 CVE-2022-40146 Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url.
network
low complexity
apache debian
7.5
2022-09-22 CVE-2022-40705 XXE vulnerability in Apache Soap 2.2/2.3
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP.
network
low complexity
apache CWE-611
7.5