Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-04 | CVE-2022-23913 | In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. | 7.5 |
| 2022-01-27 | CVE-2022-23181 | The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. | 7.0 |
| 2022-01-26 | CVE-2021-41766 | Deserialization of Untrusted Data vulnerability in Apache Karaf Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). | 8.1 |
| 2022-01-25 | CVE-2022-23223 | Insufficiently Protected Credentials vulnerability in Apache Shenyu 2.4.0/2.4.1 On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. | 7.5 |
| 2022-01-25 | CVE-2022-23945 | Missing Authentication for Critical Function vulnerability in Apache Shenyu 2.4.0/2.4.1 Missing authentication on ShenYu Admin when register by HTTP. | 7.5 |
| 2022-01-18 | CVE-2022-23302 | Deserialization of Untrusted Data vulnerability in multiple products JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. | 8.8 |
| 2022-01-18 | CVE-2022-23307 | Deserialization of Untrusted Data vulnerability in multiple products CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. | 8.8 |
| 2022-01-11 | CVE-2021-43999 | Improper Authentication vulnerability in Apache Guacamole 1.2.0/1.3.0 Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. | 8.8 |
| 2022-01-06 | CVE-2021-43045 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Avro A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. | 7.5 |
| 2022-01-06 | CVE-2021-27738 | Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. | 7.5 |