Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-04 CVE-2021-40110 Unspecified vulnerability in Apache James 2.2.0/3.3.0/3.4.0
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression.
network
low complexity
apache
7.5
2021-12-20 CVE-2021-41561 Improper Input Validation vulnerability in Apache Parquet-Mr
Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files.
network
low complexity
apache CWE-20
7.5
2021-12-20 CVE-2021-44224 NULL Pointer Dereference vulnerability in multiple products
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).
8.2
2021-12-19 CVE-2021-43083 Integer Underflow (Wrap or Wraparound) vulnerability in Apache Plc4X
Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport.
network
low complexity
apache CWE-191
8.8
2021-12-14 CVE-2021-44549 Improper Certificate Validation vulnerability in Apache Sling Commons Messaging Mail 1.0.0
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS.
network
high complexity
apache CWE-295
7.4
2021-12-14 CVE-2021-4104 Deserialization of Untrusted Data vulnerability in multiple products
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration.
network
high complexity
apache fedoraproject redhat oracle CWE-502
7.5
2021-11-22 CVE-2021-43557 Command Injection vulnerability in Apache Apisix
The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification.
network
low complexity
apache CWE-77
7.5
2021-11-19 CVE-2021-39232 Missing Authorization vulnerability in Apache Ozone
In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.
network
low complexity
apache CWE-862
8.8
2021-11-19 CVE-2021-39236 Missing Authorization vulnerability in Apache Ozone
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
network
low complexity
apache CWE-862
8.8
2021-11-11 CVE-2021-26558 Deserialization of Untrusted Data vulnerability in Apache Shardingsphere-Ui 4.1.1
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources.
network
low complexity
apache CWE-502
7.5