Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-10-07 CVE-2021-42013 It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient.
network
low complexity
apache fedoraproject oracle netapp
critical
9.8
2021-09-30 CVE-2021-41616 Deserialization of Untrusted Data vulnerability in Apache DdlUtils 1.0
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features.
network
low complexity
apache CWE-502
critical
9.8
2021-09-17 CVE-2021-41303 In Apache Shiro before 1.8.0, when Shiro is used with Spring Boot, a specially crafted HTTP request may cause an authentication bypass.
network
low complexity
apache oracle
critical
9.8
2021-09-16 CVE-2021-39275 Out-of-bounds Write vulnerability in multiple products
ap_escape_quotes() may write beyond the end of a buffer when given malicious input.
network
low complexity
apache fedoraproject debian netapp oracle siemens CWE-787
critical
9.8
2021-09-16 CVE-2021-40438 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.
9.0
2021-09-11 CVE-2021-38555 XXE vulnerability in Apache Any23
An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5.
network
low complexity
apache CWE-611
critical
9.1
2021-09-11 CVE-2021-40146 Unspecified vulnerability in Apache Any23
A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5.
network
low complexity
apache
critical
9.8
2021-09-09 CVE-2021-38540 Missing Authentication for Critical Function vulnerability in Apache Airflow
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3.
network
low complexity
apache CWE-306
critical
9.8
2021-09-09 CVE-2021-36161 Use of Externally-Controlled Format String vulnerability in Apache Dubbo
Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with a special toString method.
network
low complexity
apache CWE-134
critical
9.8
2021-09-09 CVE-2021-37579 Deserialization of Untrusted Data vulnerability in Apache Dubbo
The Dubbo Provider will check that the incoming request and the corresponding serialization type of this request meet the configuration set by the server.
network
low complexity
apache CWE-502
critical
9.8