Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2021-10-07 CVE-2021-42013 Path Traversal vulnerability in multiple products
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient.
network
low complexity
apache fedoraproject CWE-22
7.5
2021-10-05 CVE-2021-41524 NULL Pointer Dereference vulnerability in multiple products
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server.
network
low complexity
apache fedoraproject CWE-476
5.0
2021-10-05 CVE-2021-41773 Path Traversal vulnerability in Apache Http Server 2.4.49
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49.
network
apache CWE-22
4.3
2021-09-30 CVE-2021-41616 Deserialization of Untrusted Data vulnerability in Apache Ddlutils 1.0
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features.
network
low complexity
apache CWE-502
7.5
2021-09-24 CVE-2021-36749 Exposure of Resource to Wrong Sphere vulnerability in Apache Druid
In the Druid ingestion system, the InputSource is used for reading data from a certain data source.
network
low complexity
apache CWE-668
4.0
2021-09-23 CVE-2021-33035 Classic Buffer Overflow vulnerability in Apache Openoffice
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets.
network
apache CWE-120
6.8
2021-09-22 CVE-2021-38153 Information Exposure Through Discrepancy vulnerability in Apache Kafka
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful.
network
apache CWE-203
4.3
2021-09-19 CVE-2021-40690 Information Exposure vulnerability in multiple products
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element.
network
low complexity
apache debian CWE-200
5.0
2021-09-17 CVE-2021-41303 Improper Authentication vulnerability in Apache Shiro
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass.
network
low complexity
apache CWE-287
7.5
2021-09-16 CVE-2021-34798 NULL Pointer Dereference vulnerability in multiple products
Malformed requests may cause the server to dereference a NULL pointer.
network
low complexity
apache fedoraproject CWE-476
5.0