Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-05 | CVE-2022-23974 | Uncontrolled Recursion vulnerability in Apache Pinot In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. | 7.5 |
| 2022-03-30 | CVE-2022-25598 | Unspecified vulnerability in Apache Dolphinscheduler Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. | 7.5 |
| 2022-03-23 | CVE-2021-44040 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. | 7.5 |
| 2022-03-23 | CVE-2021-44759 | Improper Authentication vulnerability in multiple products Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. | 8.1 |
| 2022-03-15 | CVE-2022-26779 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cloudstack Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. | 7.5 |
| 2022-03-14 | CVE-2022-22719 | Improper Initialization vulnerability in multiple products A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. | 7.5 |
| 2022-03-10 | CVE-2021-38296 | Authentication Bypass by Capture-replay vulnerability in multiple products Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". | 7.5 |
| 2022-02-25 | CVE-2022-24288 | OS Command Injection vulnerability in Apache Airflow In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. | 8.8 |
| 2022-02-25 | CVE-2022-24947 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Jspwiki Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. | 8.8 |
| 2022-02-11 | CVE-2022-24289 | Deserialization of Untrusted Data vulnerability in Apache Cayenne Hessian serialization is a network protocol that supports object-based transmission. | 8.8 |