Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-10 | CVE-2022-28129 | Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. | 7.5 |
| 2022-08-10 | CVE-2022-31778 | Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. | 7.5 |
| 2022-08-10 | CVE-2022-31779 | Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
| 2022-08-10 | CVE-2022-31780 | Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
| 2022-08-09 | CVE-2022-35724 | Infinite Loop vulnerability in Apache Avro It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. | 7.5 |
| 2022-08-09 | CVE-2022-36124 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Avro It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. | 7.5 |
| 2022-08-09 | CVE-2022-36125 | Integer Overflow or Wraparound vulnerability in Apache Avro It is possible to crash (panic) an application by providing a corrupted data to be read. | 7.5 |
| 2022-08-04 | CVE-2022-34158 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Jspwiki A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. | 8.8 |
| 2022-07-28 | CVE-2022-36364 | Improper Initialization vulnerability in Apache Calcite Avatica Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. | 8.8 |
| 2022-07-24 | CVE-2022-24294 | Unspecified vulnerability in Apache Mxnet A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. | 7.5 |