Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-25 | CVE-2021-45229 | Cross-site Scripting vulnerability in Apache Airflow It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. | 6.1 |
| 2022-02-25 | CVE-2022-24948 | Cross-site Scripting vulnerability in Apache Jspwiki A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |
| 2022-02-07 | CVE-2022-22931 | Path Traversal vulnerability in Apache James 3.6.1 Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. | 4.3 |
| 2022-02-04 | CVE-2021-36151 | Information Exposure vulnerability in Apache Gobblin 0.15.0 In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. | 5.5 |
| 2022-02-01 | CVE-2021-44451 | Insufficiently Protected Credentials vulnerability in Apache Superset Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. | 6.5 |
| 2022-02-01 | CVE-2021-41571 | Unspecified vulnerability in Apache Pulsar In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. | 6.5 |
| 2022-01-26 | CVE-2022-22932 | Path Traversal vulnerability in Apache Karaf Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. | 5.3 |
| 2022-01-24 | CVE-2022-23437 | Infinite Loop vulnerability in multiple products There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. | 6.5 |
| 2022-01-20 | CVE-2021-45230 | Unspecified vulnerability in Apache Airflow In Apache Airflow prior to 2.2.0. | 6.5 |
| 2022-01-20 | CVE-2022-22733 | Information Exposure vulnerability in Apache Shardingsphere Elasticjob-Ui 3.0.0 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. | 6.5 |