Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-02 | CVE-2022-29158 | Unspecified vulnerability in Apache Ofbiz Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. | 7.5 |
| 2022-09-01 | CVE-2022-37435 | Unspecified vulnerability in Apache Shenyu 2.4.2/2.4.3 Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. | 8.8 |
| 2022-08-31 | CVE-2022-37022 | Deserialization of Untrusted Data vulnerability in Apache Geode Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. | 8.8 |
| 2022-08-25 | CVE-2022-22728 | A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. | 7.5 |
| 2022-08-25 | CVE-2021-25642 | Unspecified vulnerability in Apache Hadoop ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. | 8.8 |
| 2022-08-16 | CVE-2022-38362 | Unspecified vulnerability in Apache Apache-Airflow-Providers-Docker Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. | 8.8 |
| 2022-08-15 | CVE-2022-37400 | Unspecified vulnerability in Apache Openoffice Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. | 8.8 |
| 2022-08-15 | CVE-2022-37401 | Unspecified vulnerability in Apache Openoffice Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. | 8.8 |
| 2022-08-10 | CVE-2021-37150 | Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. | 7.5 |
| 2022-08-10 | CVE-2022-25763 | Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. | 7.5 |