Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-30 CVE-2022-29265 XXE vulnerability in Apache Nifi
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration.
network
low complexity
apache CWE-611
7.5
7.5
2022-04-26 CVE-2022-23942 Use of Hard-coded Credentials vulnerability in Apache Doris
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.
network
low complexity
apache CWE-798
7.5
7.5
2022-04-20 CVE-2022-29266 Information Exposure Through an Error Message vulnerability in Apache Apisix
In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.
network
low complexity
apache CWE-209
7.5
7.5
2022-04-12 CVE-2022-24070 Use After Free vulnerability in multiple products
Subversion's mod_dav_svn is vulnerable to memory corruption.
network
low complexity
apache debian fedoraproject apple CWE-416
7.5
7.5
2022-04-05 CVE-2022-23974 Uncontrolled Recursion vulnerability in Apache Pinot
In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables.
network
low complexity
apache CWE-674
7.5
7.5
2022-03-30 CVE-2022-25598 Unspecified vulnerability in Apache Dolphinscheduler
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
network
low complexity
apache
7.5
7.5
2022-03-23 CVE-2021-44040 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests.
network
low complexity
apache debian CWE-20
7.5
7.5
2022-03-23 CVE-2021-44759 Improper Authentication vulnerability in multiple products
Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack.
network
high complexity
apache debian CWE-287
8.1
8.1
2022-03-15 CVE-2022-26779 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cloudstack
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens.
network
high complexity
apache CWE-338
7.5
7.5
2022-03-14 CVE-2022-22719 Improper Initialization vulnerability in multiple products
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash.
network
low complexity
apache debian fedoraproject oracle apple CWE-665
7.5
7.5