Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-20 | CVE-2022-34917 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Kafka 2.8.0/2.8.1/3.0.0: A security vulnerability has been identified in Apache Kafka. | 7.5 |
2022-09-08 | CVE-2022-28220 | Command Injection vulnerability in Apache James: Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. | 7.5 |
2022-09-05 | CVE-2022-38369 | Session Fixation vulnerability in Apache IoTDB 0.13.0: Apache IoTDB version 0.13.0 is vulnerable to a session ID attack. | 8.8 |
2022-09-05 | CVE-2022-38370 | Missing Authorization vulnerability in Apache IoTDB 0.13.0: Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. | 7.5 |
2022-09-02 | CVE-2022-25813 | Code Injection vulnerability in Apache OFBiz: In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message "Subject" field from the "Contact us" page. | 7.5 |
2022-09-02 | CVE-2022-29158 | Unspecified vulnerability in Apache OFBiz: Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. | 7.5 |
2022-09-01 | CVE-2022-37435 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache ShenYu 2.4.2/2.4.3: Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrators' passwords. | 8.8 |
2022-08-31 | CVE-2022-37022 | Deserialization of Untrusted Data vulnerability in Apache Geode: Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. | 8.8 |
2022-08-25 | CVE-2022-22728 | Classic Buffer Overflow vulnerability in multiple products: A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. | 7.5 |
2022-08-25 | CVE-2021-25642 | Deserialization of Untrusted Data vulnerability in Apache Hadoop: ZKConfigurationStore, which is optionally used by CapacityScheduler of Apache Hadoop YARN, deserializes data obtained from ZooKeeper without validation. | 8.8 |