Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-45047
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for l...
Apache Sshd
1 Github repository
9.8
CVSSv3
CVE-2022-45136
Apache Jena SDB 3.17.0 and previous versions is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this...
Apache Jena Sdb
9.8
CVSSv3
CVE-2022-45378
In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lea...
Apache Soap
9.8
CVSSv3
CVE-2022-42920
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controlla...
Apache Commons Bcel
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
1 Github repository
9.8
CVSSv3
CVE-2022-42468
Apache Flume versions 1.4.0 up to and including 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.
Apache Flume
9.8
CVSSv3
CVE-2021-42010
Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.
Apache Heron
9.8
CVSSv3
CVE-2022-39198
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo...
Apache Dubbo 3.1.0
Apache Dubbo
9.8
CVSSv3
CVE-2022-24697
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any opera...
Apache Kylin
9.8
CVSSv3
CVE-2022-42889
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringL...
Apache Commons Text
Netapp Bluexp -
Juniper Security Threat Response Manager
Juniper Security Threat Response Manager 7.5.0
64 Github repositories
9.8
CVSSv3
CVE-2022-40664
Apache Shiro prior to 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.
Apache Shiro
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »