Tag
#apache
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.
Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php.
Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function.
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. Version 2.5.0 contains a patch for this issue.
The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment.
Summary: Microsoft takes a proactive approach to continually probe our defenses, hunt for vulnerabilities, and seek new, innovative ways to protect our customers. Security researchers are an important part of this effort, and our collaborative partnership is critical in a world where cybersecurity attacks continue to grow in number and sophistication. We value the role … Vulnerability Fixed in Azure Synapse Spark
Doctor's Appointment System 1.0 is vulnerable to cross-site scripting (XSS) via the admin panel. In addition, it leads to takeover of the administrator account by stealing the cookie via XSS.