Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-21 CVE-2022-40604 Use of Externally-Controlled Format String vulnerability in Apache Airflow
In Apache Airflow 2.3.0 through 2.3.4, part of a URL was unnecessarily formatted, allowing for possible information extraction.
network
low complexity
apache CWE-134
7.5
2022-09-20 CVE-2022-40955 Unspecified vulnerability in Apache InLong
In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server.
network
low complexity
apache
8.8
2022-09-20 CVE-2022-34917 Allocation of Resources Without Limits or Throttling vulnerability in Apache Kafka 2.8.0/2.8.1/3.0.0
A security vulnerability has been identified in Apache Kafka.
network
low complexity
apache CWE-770
7.5
2022-09-08 CVE-2022-28220 Command Injection vulnerability in Apache James
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command.
network
low complexity
apache CWE-77
7.5
2022-09-05 CVE-2022-38369 Session Fixation vulnerability in Apache IoTDB 0.13.0
Apache IoTDB version 0.13.0 is vulnerable to a session id attack.
network
low complexity
apache CWE-384
8.8
2022-09-05 CVE-2022-38370 Missing Authorization vulnerability in Apache IoTDB 0.13.0
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database.
network
low complexity
apache CWE-862
7.5
2022-09-02 CVE-2022-25813 Code Injection vulnerability in Apache OFBiz
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message "Subject" field from the "Contact us" page.
network
low complexity
apache CWE-94
7.5
2022-09-02 CVE-2022-29158 Unspecified vulnerability in Apache OFBiz
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users.
network
low complexity
apache
7.5
2022-09-01 CVE-2022-37435 Unspecified vulnerability in Apache ShenYu 2.4.2/2.4.3
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrators' passwords.
network
low complexity
apache
8.8
2022-08-31 CVE-2022-37022 Deserialization of Untrusted Data vulnerability in Apache Geode
Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11.
network
low complexity
apache CWE-502
8.8