Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-16 CVE-2021-34538 Missing Authentication for Critical Function vulnerability in Apache Hive
Apache Hive before 3.1.3 "CREATE" and "DROP" function operations do not check for necessary authorization of involved entities in the query.
network
low complexity
apache CWE-306
7.5
2022-07-13 CVE-2022-31781 Unspecified vulnerability in Apache Tapestry
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types.
network
low complexity
apache
7.5
2022-06-27 CVE-2022-26477 Resource Exhaustion vulnerability in Apache Systemds
The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion.
network
low complexity
apache CWE-400
7.5
2022-06-15 CVE-2021-33036 Path Traversal vulnerability in Apache Hadoop
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
network
low complexity
apache CWE-22
8.8
2022-06-15 CVE-2022-33140 OS Command Injection vulnerability in Apache Nifi and Nifi Registry
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms.
network
low complexity
apache CWE-78
8.8
2022-06-09 CVE-2022-26377 HTTP Request Smuggling vulnerability in multiple products
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
network
low complexity
apache fedoraproject netapp CWE-444
7.5
2022-06-09 CVE-2022-29404 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a Lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
network
low complexity
apache fedoraproject netapp CWE-770
7.5
2022-06-09 CVE-2022-30522 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
network
low complexity
apache netapp fedoraproject CWE-770
7.5
2022-06-09 CVE-2022-30556
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
network
low complexity
apache netapp fedoraproject
7.5
2022-05-17 CVE-2022-26650 Unspecified vulnerability in Apache Shenyu 2.4.0/2.4.1/2.4.2
In Apache ShenYu, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user.
network
low complexity
apache
7.5