Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-13 | CVE-2022-25762 | Improper Resource Shutdown or Release vulnerability in multiple products If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. | 8.6 |
2022-05-12 | CVE-2022-29885 | The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. | 7.5 |
2022-04-30 | CVE-2022-29265 | XXE vulnerability in Apache Nifi Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. | 7.5 |
2022-04-26 | CVE-2022-23942 | Use of Hard-coded Credentials vulnerability in Apache Doris Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. | 7.5 |
2022-04-20 | CVE-2022-29266 | Information Exposure Through an Error Message vulnerability in Apache Apisix In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information. | 7.5 |
2022-04-12 | CVE-2022-24070 | Use After Free vulnerability in multiple products Subversion's mod_dav_svn is vulnerable to memory corruption. | 7.5 |
2022-04-05 | CVE-2022-23974 | Uncontrolled Recursion vulnerability in Apache Pinot In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. | 7.5 |
2022-03-30 | CVE-2022-25598 | Unspecified vulnerability in Apache Dolphinscheduler Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. | 7.5 |
2022-03-23 | CVE-2021-44040 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. | 7.5 |
2022-03-23 | CVE-2021-44759 | Improper Authentication vulnerability in multiple products Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. | 8.1 |