Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-10 | CVE-2020-13950 | NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service | 7.5 |
| 2021-06-10 | CVE-2020-35452 | Out-of-bounds Write vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. | 7.3 |
| 2021-06-10 | CVE-2021-26690 | NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service | 7.5 |
| 2021-06-10 | CVE-2021-26691 | Out-of-bounds Write vulnerability in multiple products In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | 9.8 |
| 2021-06-10 | CVE-2021-30641 | Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' | 5.3 |
| 2021-06-08 | CVE-2021-33190 | Improper Restriction of Excessive Authentication Attempts vulnerability in Apache Apisix Dashboard 2.6 In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. | 5.3 |
| 2021-06-07 | CVE-2021-29621 | Information Exposure Through Discrepancy vulnerability in multiple products Flask-AppBuilder is a development framework, built on top of Flask. | 5.3 |
| 2021-06-01 | CVE-2021-25640 | Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. | 6.1 |
| 2021-06-01 | CVE-2021-25641 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. | 9.8 |
| 2021-06-01 | CVE-2021-30179 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. | 9.8 |