Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2021-07-05 CVE-2021-33192 Cross-site Scripting vulnerability in Apache Jena Fuseki 2.0.0/4.0.0
A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views.
network
low complexity
apache CWE-79
6.1
6.1
2021-07-02 CVE-2021-26920 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Apache Druid
In the Druid ingestion system, the InputSource is used for reading data from a certain data source.
network
low complexity
apache CWE-610
6.5
6.5
2021-06-30 CVE-2021-32566 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-06-30 CVE-2021-32567 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-06-30 CVE-2021-35474 Out-of-bounds Write vulnerability in multiple products
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server.
network
low complexity
apache debian CWE-787
critical
 9.8
9.8
2021-06-29 CVE-2021-27577 HTTP Request Smuggling vulnerability in multiple products
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache.
network
low complexity
apache debian CWE-444
7.5
7.5
2021-06-29 CVE-2021-32565 HTTP Request Smuggling vulnerability in multiple products
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-444
7.5
7.5
2021-06-21 CVE-2021-26461 Integer Overflow or Wraparound vulnerability in Apache Nuttx
Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign.
network
low complexity
apache CWE-190
critical
 9.8
9.8
2021-06-16 CVE-2021-30468 Infinite Loop vulnerability in multiple products
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely.
network
low complexity
apache oracle CWE-835
7.5
7.5
2021-06-16 CVE-2021-33813 XXE vulnerability in multiple products
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
network
low complexity
jdom apache debian fedoraproject oracle CWE-611
7.5
7.5