Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-24 | CVE-2021-33191 | OS Command Injection vulnerability in Apache Nifi Minifi C++ 0.5.0/0.6.0/0.9.0 From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. | 9.8 |
| 2021-08-18 | CVE-2021-37608 | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Ofbiz Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. | 9.8 |
| 2021-07-29 | CVE-2021-37578 | Deserialization of Untrusted Data vulnerability in Apache Juddi Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. | 9.8 |
| 2021-06-30 | CVE-2021-35474 | Out-of-bounds Write vulnerability in multiple products Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. | 9.8 |
| 2021-06-21 | CVE-2021-26461 | Integer Overflow or Wraparound vulnerability in Apache Nuttx Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. | 9.8 |
| 2021-06-16 | CVE-2020-9493 | Deserialization of Untrusted Data vulnerability in multiple products A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. | 9.8 |
| 2021-06-10 | CVE-2021-26691 | Out-of-bounds Write vulnerability in multiple products In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | 9.8 |
| 2021-06-01 | CVE-2021-25641 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. | 9.8 |
| 2021-06-01 | CVE-2021-30179 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. | 9.8 |
| 2021-06-01 | CVE-2021-30180 | HTTP Request Smuggling vulnerability in Apache Dubbo Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. | 9.8 |