Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2022-05-13 CVE-2022-25762 Improper Resource Shutdown or Release vulnerability in multiple products
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed.
network
low complexity
apache oracle CWE-404
8.6
2022-05-12 CVE-2022-29885 The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network.
network
low complexity
apache debian oracle
7.5
2022-04-30 CVE-2022-29265 XXE vulnerability in Apache Nifi
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration.
network
low complexity
apache CWE-611
7.5
2022-04-26 CVE-2022-23942 Use of Hard-coded Credentials vulnerability in Apache Doris
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.
network
low complexity
apache CWE-798
7.5
2022-04-20 CVE-2022-29266 Information Exposure Through an Error Message vulnerability in Apache Apisix
In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.
network
low complexity
apache CWE-209
7.5
2022-04-12 CVE-2022-24070 Use After Free vulnerability in multiple products
Subversion's mod_dav_svn is vulnerable to memory corruption.
network
low complexity
apache debian fedoraproject apple CWE-416
7.5
2022-04-05 CVE-2022-23974 Uncontrolled Recursion vulnerability in Apache Pinot
In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables.
network
low complexity
apache CWE-674
7.5
2022-03-30 CVE-2022-25598 Unspecified vulnerability in Apache Dolphinscheduler
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
network
low complexity
apache
7.5
2022-03-23 CVE-2021-44040 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests.
network
low complexity
apache debian CWE-20
7.5
2022-03-23 CVE-2021-44759 Improper Authentication vulnerability in multiple products
Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack.
network
high complexity
apache debian CWE-287
8.1