Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-14 | CVE-2021-42340 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. | 7.5 |
| 2021-10-12 | CVE-2021-42009 | Improper Input Validation vulnerability in Apache Traffic Control An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. | 4.3 |
| 2021-10-11 | CVE-2021-41830 | Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. | 7.5 |
| 2021-10-11 | CVE-2021-41831 | Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice It is possible for an attacker to manipulate the timestamp of signed documents. | 5.3 |
| 2021-10-11 | CVE-2021-41832 | Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. | 7.5 |
| 2021-10-07 | CVE-2021-28129 | Unspecified vulnerability in Apache Openoffice 4.1.8 While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. | 7.8 |
| 2021-10-07 | CVE-2021-40439 | XXE vulnerability in Apache Openoffice Apache OpenOffice has a dependency on expat software. | 6.5 |
| 2021-10-07 | CVE-2021-42013 | It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. | 9.8 |
| 2021-10-05 | CVE-2021-41524 | NULL Pointer Dereference vulnerability in multiple products While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. | 7.5 |
| 2021-10-05 | CVE-2021-41773 | Path Traversal vulnerability in multiple products A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. | 7.5 |