Vulnerabilities > Apache > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-10 | CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple critical | 10.0 |
2021-11-24 | CVE-2021-44140 | Incorrect Default Permissions vulnerability in Apache Jspwiki Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. | 9.1 |
2021-11-19 | CVE-2021-36372 | Unspecified vulnerability in Apache Ozone In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. | 9.8 |
2021-11-19 | CVE-2021-39231 | Missing Authorization vulnerability in Apache Ozone In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration. | 9.1 |
2021-11-19 | CVE-2021-39233 | Unspecified vulnerability in Apache Ozone In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client. | 9.1 |
2021-11-16 | CVE-2021-37580 | Improper Authentication vulnerability in Apache Shenyu 2.3.0/2.4.0 A flaw was found in Apache ShenYu Admin. | 9.8 |
2021-11-11 | CVE-2021-43350 | Injection vulnerability in Apache Traffic Control An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter. | 9.8 |
2021-11-03 | CVE-2021-43082 | Classic Buffer Overflow vulnerability in Apache Traffic Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. | 9.8 |
2021-10-25 | CVE-2021-38294 | OS Command Injection vulnerability in Apache Storm A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. | 9.8 |
2021-10-25 | CVE-2021-40865 | Deserialization of Untrusted Data vulnerability in Apache Storm An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). | 9.8 |