Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-19 | CVE-2022-34169 | Incorrect Conversion between Numeric Types vulnerability in multiple products The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. | 7.5 |
| 2022-07-18 | CVE-2022-36127 | Unspecified vulnerability in Apache Skywalking A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. | 7.5 |
| 2022-07-18 | CVE-2022-33891 | Unspecified vulnerability in Apache Spark The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. | 8.8 |
| 2022-07-16 | CVE-2021-34538 | Missing Authentication for Critical Function vulnerability in Apache Hive Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. | 7.5 |
| 2022-07-13 | CVE-2022-31781 | Unspecified vulnerability in Apache Tapestry Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. | 7.5 |
| 2022-06-27 | CVE-2022-26477 | Resource Exhaustion vulnerability in Apache Systemds The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. | 7.5 |
| 2022-06-15 | CVE-2021-33036 | Path Traversal vulnerability in Apache Hadoop In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
| 2022-06-15 | CVE-2022-33140 | OS Command Injection vulnerability in Apache Nifi and Nifi Registry The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. | 8.8 |
| 2022-06-09 | CVE-2022-26377 | HTTP Request Smuggling vulnerability in multiple products Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. | 7.5 |
| 2022-06-09 | CVE-2022-29404 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. | 7.5 |