Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-03 | CVE-2021-37147 | HTTP Request Smuggling vulnerability in multiple products Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
| 2021-11-03 | CVE-2021-37148 | Improper Input Validation vulnerability in multiple products Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
| 2021-11-03 | CVE-2021-37149 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
| 2021-11-03 | CVE-2021-38161 | Improper Authentication vulnerability in multiple products Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. | 8.1 |
| 2021-11-03 | CVE-2021-41585 | Improper Input Validation vulnerability in Apache Traffic Server Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. | 5.0 |
| 2021-11-03 | CVE-2021-43082 | Classic Buffer Overflow vulnerability in Apache Traffic Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. | 7.5 |
| 2021-11-01 | CVE-2021-27644 | SQL Injection vulnerability in Apache Dolphinscheduler In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. | 8.8 |
| 2021-11-01 | CVE-2021-41973 | Infinite Loop vulnerability in multiple products In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. | 4.3 |
| 2021-10-25 | CVE-2021-38294 | OS Command Injection vulnerability in Apache Storm A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. | 9.8 |
| 2021-10-25 | CVE-2021-40865 | Deserialization of Untrusted Data vulnerability in Apache Storm An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). | 7.5 |