Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-09-07 CVE-2021-36163 Deserialization of Untrusted Data vulnerability in Apache Dubbo
In Apache Dubbo, users may choose to use the Hessian protocol.
network
low complexity
apache CWE-502
critical
9.8
2021-09-02 CVE-2019-10095 Command Injection vulnerability in Apache Zeppelin
bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings.
network
low complexity
apache CWE-77
critical
9.8
2021-08-24 CVE-2021-33191 OS Command Injection vulnerability in Apache Nifi Minifi C++ 0.5.0/0.6.0/0.9.0
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary.
network
low complexity
apache CWE-78
critical
9.8
2021-08-18 CVE-2021-37608 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Ofbiz
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands.
network
low complexity
apache CWE-434
critical
9.8
2021-07-29 CVE-2021-37578 Deserialization of Untrusted Data vulnerability in Apache Juddi
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services.
network
low complexity
apache CWE-502
critical
9.8
2021-06-30 CVE-2021-35474 Out-of-bounds Write vulnerability in multiple products
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server.
network
low complexity
apache debian CWE-787
critical
9.8
2021-06-21 CVE-2021-26461 Integer Overflow or Wraparound vulnerability in Apache Nuttx
Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign.
network
low complexity
apache CWE-190
critical
9.8
2021-06-16 CVE-2020-9493 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
network
low complexity
apache qos CWE-502
critical
9.8
2021-06-10 CVE-2021-26691 Out-of-bounds Write vulnerability in multiple products
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
network
low complexity
apache debian fedoraproject oracle netapp CWE-787
critical
9.8
2021-06-01 CVE-2021-25641 Deserialization of Untrusted Data vulnerability in Apache Dubbo
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on.
network
low complexity
apache CWE-502
critical
9.8