Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2021-09-16 CVE-2021-36160 Out-of-bounds Read vulnerability in multiple products
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).
network
low complexity
apache fedoraproject debian CWE-125
5.0
2021-09-16 CVE-2021-39239 XXE vulnerability in Apache Jena
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
network
low complexity
apache CWE-611
5.0
2021-09-16 CVE-2021-39275 Classic Buffer Overflow vulnerability in multiple products
ap_escape_quotes() may write beyond the end of a buffer when given malicious input.
network
low complexity
apache fedoraproject CWE-120
7.5
2021-09-16 CVE-2021-40438 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
6.8
2021-09-16 CVE-2021-41079 Improper Input Validation vulnerability in multiple products
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets.
network
apache debian CWE-20
4.3
2021-09-11 CVE-2021-38555 XXE vulnerability in Apache Any23
An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5.
network
low complexity
apache CWE-611
6.4
2021-09-11 CVE-2021-40146 Unspecified vulnerability in Apache Any23
A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5.
network
low complexity
apache
critical
10.0
2021-09-09 CVE-2021-38540 Missing Authentication for Critical Function vulnerability in Apache Airflow
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3.
network
low complexity
apache CWE-306
7.5
2021-09-09 CVE-2021-36161 Use of Externally-Controlled Format String vulnerability in Apache Dubbo
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method.
network
low complexity
apache CWE-134
7.5
2021-09-09 CVE-2021-37579 Deserialization of Untrusted Data vulnerability in Apache Dubbo
The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server.
network
low complexity
apache CWE-502
7.5