Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-15 | CVE-2022-26779 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cloudstack Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. | 7.5 |
| 2022-03-14 | CVE-2022-22719 | Improper Initialization vulnerability in multiple products A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. | 7.5 |
| 2022-03-10 | CVE-2021-38296 | Authentication Bypass by Capture-replay vulnerability in multiple products Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". | 7.5 |
| 2022-02-25 | CVE-2022-24288 | OS Command Injection vulnerability in Apache Airflow In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. | 8.8 |
| 2022-02-25 | CVE-2022-24947 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Jspwiki Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. | 8.8 |
| 2022-02-11 | CVE-2022-24289 | Deserialization of Untrusted Data vulnerability in Apache Cayenne Hessian serialization is a network protocol that supports object-based transmission. | 8.8 |
| 2022-02-06 | CVE-2022-23206 | Server-Side Request Forgery (SSRF) vulnerability in Apache Traffic Control In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach. | 7.5 |
| 2022-02-04 | CVE-2022-23913 | In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. | 7.5 |
| 2022-01-27 | CVE-2022-23181 | The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. | 7.0 |
| 2022-01-26 | CVE-2021-41766 | Deserialization of Untrusted Data vulnerability in Apache Karaf Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). | 8.1 |