Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-13 | CVE-2021-35516 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |
| 2021-07-13 | CVE-2021-35517 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |
| 2021-07-13 | CVE-2021-36090 | When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |
| 2021-07-12 | CVE-2021-30639 | Improper Handling of Exceptional Conditions vulnerability in multiple products A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. | 7.5 |
| 2021-07-12 | CVE-2021-30640 | Improper Encoding or Escaping of Output vulnerability in multiple products A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. | 6.5 |
| 2021-07-12 | CVE-2021-33037 | HTTP Request Smuggling vulnerability in multiple products Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. | 5.3 |
| 2021-07-12 | CVE-2021-30129 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. | 6.5 |
| 2021-07-05 | CVE-2021-33192 | Cross-site Scripting vulnerability in Apache Jena Fuseki 2.0.0/4.0.0 A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. | 4.3 |
| 2021-07-02 | CVE-2021-26920 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Apache Druid In the Druid ingestion system, the InputSource is used for reading data from a certain data source. | 6.5 |
| 2021-06-30 | CVE-2021-32566 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. | 5.0 |