Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-01 | CVE-2021-41973 | Infinite Loop vulnerability in multiple products In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. | 6.5 |
| 2021-10-25 | CVE-2021-38294 | OS Command Injection vulnerability in Apache Storm A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. | 9.8 |
| 2021-10-25 | CVE-2021-40865 | Deserialization of Untrusted Data vulnerability in Apache Storm An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). | 9.8 |
| 2021-10-18 | CVE-2021-32609 | Cross-site Scripting vulnerability in Apache Superset Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. | 5.4 |
| 2021-10-18 | CVE-2021-41971 | SQL Injection vulnerability in Apache Superset Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL. | 8.8 |
| 2021-10-14 | CVE-2021-38295 | Cross-site Scripting vulnerability in Apache Couchdb In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. | 7.3 |
| 2021-10-14 | CVE-2021-42340 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. | 7.5 |
| 2021-10-12 | CVE-2021-42009 | Improper Input Validation vulnerability in Apache Traffic Control An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. | 4.3 |
| 2021-10-11 | CVE-2021-41830 | Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. | 7.5 |
| 2021-10-11 | CVE-2021-41831 | Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice It is possible for an attacker to manipulate the timestamp of signed documents. | 5.3 |