Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2021-35940 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613).
local
low complexity
apache oracle CWE-125
7.1
2021-08-18 CVE-2021-33580 Resource Exhaustion vulnerability in Apache Roller
User-controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regular expression.
network
low complexity
apache CWE-400
7.5
2021-08-18 CVE-2021-37608 Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands.
network
low complexity
apache CWE-434
critical
9.8
2021-08-16 CVE-2021-33193
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
network
low complexity
apache fedoraproject tenable oracle
7.5
2021-08-16 CVE-2021-35936 Missing Authentication for Critical Function vulnerability in Apache Airflow
If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and binds to 0.0.0.0 by default.
network
low complexity
apache CWE-306
5.3
2021-08-10 CVE-2021-21501 Path Traversal vulnerability in Apache ServiceComb
Improper configuration causes a directory traversal problem in ServiceComb ServiceCenter 1.x.x versions; it is fixed in 2.0.0.
network
low complexity
apache CWE-22
7.5
2021-07-29 CVE-2021-37578 Deserialization of Untrusted Data vulnerability in Apache jUDDI
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services.
network
low complexity
apache CWE-502
critical
9.8
2021-07-26 CVE-2021-33900 Cleartext Transmission of Sensitive Information vulnerability in Apache Directory Studio
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used.
network
low complexity
apache CWE-319
7.5
2021-07-22 CVE-2021-28131 Information Exposure Through Log Files vulnerability in Apache Impala
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user.
network
high complexity
apache CWE-532
7.5
2021-07-14 CVE-2021-24117 Information Exposure Through Discrepancy vulnerability in Apache Teaclave SGX SDK 1.1.3
In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
network
low complexity
apache CWE-203
4.9