Vulnerabilities > Apache > High

DATE | CVE | VULNERABILITY TITLE | RISK

2022-01-25 | CVE-2022-23223 | Insufficiently Protected Credentials vulnerability in Apache Shenyu 2.4.0/2.4.1
    On Apache ShenYu versions 2.4.0 and 2.4.1, an endpoint existed that disclosed the passwords of all users.
    Risk: network / low complexity / apache / CWE-522 / 7.5

2022-01-25 | CVE-2022-23945 | Missing Authentication for Critical Function vulnerability in Apache Shenyu 2.4.0/2.4.1
    Missing authentication on ShenYu Admin when registering by HTTP.
    Risk: network / low complexity / apache / CWE-306 / 7.5

2022-01-18 | CVE-2022-23302 | Deserialization of Untrusted Data vulnerability in multiple products
    JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to.
    Risk: network / low complexity / apache netapp broadcom qos oracle / CWE-502 / 8.8

2022-01-18 | CVE-2022-23307 | Deserialization of Untrusted Data vulnerability in multiple products
    CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw.
    Risk: network / low complexity / apache qos oracle / CWE-502 / 8.8

2022-01-11 | CVE-2021-43999 | Improper Authentication vulnerability in Apache Guacamole 1.2.0/1.3.0
    Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider.
    Risk: network / low complexity / apache / CWE-287 / 8.8

2022-01-06 | CVE-2021-43045 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Avro
    A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack.
    Risk: network / low complexity / apache / CWE-770 / 7.5

2022-01-06 | CVE-2021-27738 | Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin
    All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator.
    Risk: network / low complexity / apache / CWE-918 / 7.5

2022-01-06 | CVE-2021-45457 | Incorrect Authorization vulnerability in Apache Kylin
    In Apache Kylin, cross-origin requests with credentials are allowed to be sent from any origin.
    Risk: network / low complexity / apache / CWE-863 / 7.5

2022-01-06 | CVE-2021-45458 | Use of Insufficiently Random Values vulnerability in Apache Kylin
    Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords.
    Risk: network / low complexity / apache / CWE-330 / 7.5

2022-01-04 | CVE-2021-34797 | Information Exposure Through Log Files vulnerability in Apache Geode
    Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-".
    Risk: network / low complexity / apache / CWE-532 / 7.5