Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-18 | CVE-2022-23302 | Deserialization of Untrusted Data vulnerability in multiple products JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. | 8.8 |
| 2022-01-18 | CVE-2022-23307 | Deserialization of Untrusted Data vulnerability in multiple products CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. | 8.8 |
| 2022-01-11 | CVE-2021-43999 | Improper Authentication vulnerability in Apache Guacamole 1.2.0/1.3.0 Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. | 8.8 |
| 2022-01-06 | CVE-2021-43045 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Avro A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. | 7.5 |
| 2022-01-06 | CVE-2021-27738 | Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. | 7.5 |
| 2022-01-06 | CVE-2021-45457 | Incorrect Authorization vulnerability in Apache Kylin In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. | 7.5 |
| 2022-01-06 | CVE-2021-45458 | Use of Insufficiently Random Values vulnerability in Apache Kylin Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. | 7.5 |
| 2022-01-04 | CVE-2021-34797 | Information Exposure Through Log Files vulnerability in Apache Geode Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". | 7.5 |
| 2022-01-04 | CVE-2021-40110 | Unspecified vulnerability in Apache James 2.2.0/3.3.0/3.4.0 In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. | 7.5 |
| 2021-12-20 | CVE-2021-41561 | Improper Input Validation vulnerability in Apache Parquet-Mr Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. | 7.5 |