Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-06 CVE-2022-26850 Exposure of Resource to Wrong Sphere vulnerability in Apache Nifi 1.14.0/1.15.0/1.15.3
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory.
network
low complexity
apache CWE-668
4.3
2022-03-04 CVE-2022-26336 A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception.
local
low complexity
apache netapp
5.5
2022-02-25 CVE-2021-45229 Cross-site Scripting vulnerability in Apache Airflow
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
network
low complexity
apache CWE-79
6.1
2022-02-25 CVE-2022-24948 Cross-site Scripting vulnerability in Apache Jspwiki
A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
network
low complexity
apache CWE-79
6.1
2022-02-07 CVE-2022-22931 Path Traversal vulnerability in Apache James 3.6.1
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations.
network
low complexity
apache CWE-22
4.3
2022-02-04 CVE-2021-36151 Information Exposure vulnerability in Apache Gobblin 0.15.0
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems.
local
low complexity
apache CWE-200
5.5
2022-02-01 CVE-2021-44451 Insufficiently Protected Credentials vulnerability in Apache Superset
Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users.
network
low complexity
apache CWE-522
6.5
2022-02-01 CVE-2021-41571 Unspecified vulnerability in Apache Pulsar
In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user.
network
low complexity
apache
6.5
2022-01-26 CVE-2022-22932 Path Traversal vulnerability in Apache Karaf
Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder.
network
low complexity
apache CWE-22
5.3
2022-01-24 CVE-2022-23437 Infinite Loop vulnerability in multiple products
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads.
network
low complexity
apache oracle netapp CWE-835
6.5