Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-20 CVE-2021-45230 Unspecified vulnerability in Apache Airflow
In Apache Airflow prior to 2.2.0.
network
low complexity
apache
6.5
2022-01-20 CVE-2022-22733 Information Exposure vulnerability in Apache Shardingsphere Elasticjob-Ui 3.0.0
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to escalate privileges.
network
low complexity
apache CWE-200
6.5
2022-01-17 CVE-2021-42357 Cross-site Scripting vulnerability in Apache Knox
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing.
network
low complexity
apache CWE-79
6.1
2022-01-11 CVE-2021-41767 Information Exposure vulnerability in Apache Guacamole
Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses.
network
low complexity
apache CWE-200
6.5
2022-01-06 CVE-2021-36774 Unspecified vulnerability in Apache Kylin
Apache Kylin allows users to read data from other database systems using JDBC.
network
low complexity
apache
6.5
2022-01-06 CVE-2021-36737 Cross-site Scripting vulnerability in Apache Pluto
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks.
network
low complexity
apache CWE-79
6.1
2022-01-06 CVE-2021-36738 Cross-site Scripting vulnerability in Apache Pluto
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks.
network
low complexity
apache CWE-79
6.1
2022-01-06 CVE-2021-36739 Cross-site Scripting vulnerability in Apache Pluto 3.1.0
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet Maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.
network
low complexity
apache CWE-79
6.1
2022-01-04 CVE-2021-38542 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache James 2.2.0/3.3.0/3.4.0
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command.
network
high complexity
apache CWE-327
5.9
2022-01-04 CVE-2021-40111 Infinite Loop vulnerability in Apache James 2.2.0/3.3.0/3.4.0
In Apache James, while fuzzing the IMAP parsing stack with Jazzer, we discovered that crafted APPEND and STATUS IMAP commands could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions.
network
low complexity
apache CWE-835
6.5