Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-06 | CVE-2021-45457 | Incorrect Authorization vulnerability in Apache Kylin: In Apache Kylin, cross-origin requests with credentials are allowed to be sent from any origin. | 7.5 |
2022-01-06 | CVE-2021-45458 | Use of Insufficiently Random Values vulnerability in Apache Kylin: Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. | 7.5 |
2022-01-04 | CVE-2021-34797 | Information Exposure Through Log Files vulnerability in Apache Geode: Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". | 7.5 |
2022-01-04 | CVE-2021-40110 | Unspecified vulnerability in Apache James 2.2.0/3.3.0/3.4.0: In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. | 7.5 |
2021-12-20 | CVE-2021-41561 | Improper Input Validation vulnerability in Apache Parquet-MR: Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. | 7.5 |
2021-12-20 | CVE-2021-44224 | NULL Pointer Dereference vulnerability in multiple products: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). | 8.2 |
2021-12-19 | CVE-2021-43083 | Integer Underflow (Wrap or Wraparound) vulnerability in Apache PLC4X: Apache PLC4X - PLC4C (only the C language implementation was affected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. | 8.8 |
2021-12-14 | CVE-2021-44549 | Improper Certificate Validation vulnerability in Apache Sling Commons Messaging Mail 1.0.0: Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. | 7.4 |
2021-12-14 | CVE-2021-4104 | Deserialization of Untrusted Data vulnerability in multiple products: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. | 7.5 |
2021-11-22 | CVE-2021-43557 | Command Injection vulnerability in Apache APISIX: The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. | 7.5 |