Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-02 | CVE-2022-43985 | Unspecified vulnerability in Apache Airflow In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. | 6.1 |
| 2022-11-01 | CVE-2022-31777 | Unspecified vulnerability in Apache Spark A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. | 5.4 |
| 2022-11-01 | CVE-2022-34662 | Unspecified vulnerability in Apache Dolphinscheduler When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. | 6.5 |
| 2022-10-28 | CVE-2022-26884 | Path Traversal vulnerability in Apache Dolphinscheduler Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. | 6.5 |
| 2022-10-25 | CVE-2022-34870 | Cross-site Scripting vulnerability in Apache Geode Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. | 5.4 |
| 2022-10-19 | CVE-2022-42466 | Unspecified vulnerability in Apache Isis Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. | 6.1 |
| 2022-10-19 | CVE-2022-42467 | Insecure Default Initialization of Resource vulnerability in Apache Isis When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. | 5.3 |
| 2022-10-06 | CVE-2022-40159 | Out-of-bounds Write vulnerability in Apache Commons Jxpath ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. | 6.5 |
| 2022-10-06 | CVE-2022-40160 | Out-of-bounds Write vulnerability in Apache Commons Jxpath ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. | 6.5 |
| 2022-09-23 | CVE-2022-24280 | Improper Input Validation vulnerability in Apache Pulsar Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. | 6.5 |