Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-20 | CVE-2021-44224 | NULL Pointer Dereference vulnerability in multiple products A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). | 8.2 |
| 2021-12-19 | CVE-2021-43083 | Integer Underflow (Wrap or Wraparound) vulnerability in Apache Plc4X Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. | 8.8 |
| 2021-12-14 | CVE-2021-44549 | Improper Certificate Validation vulnerability in Apache Sling Commons Messaging Mail 1.0.0 Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. | 7.4 |
| 2021-12-14 | CVE-2021-4104 | Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. | 7.5 |
| 2021-11-22 | CVE-2021-43557 | Command Injection vulnerability in Apache Apisix The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. | 7.5 |
| 2021-11-19 | CVE-2021-39232 | Missing Authorization vulnerability in Apache Ozone In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. | 8.8 |
| 2021-11-19 | CVE-2021-39236 | Missing Authorization vulnerability in Apache Ozone In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. | 8.8 |
| 2021-11-11 | CVE-2021-26558 | Deserialization of Untrusted Data vulnerability in Apache Shardingsphere-Ui 4.1.1 Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. | 7.5 |
| 2021-11-03 | CVE-2021-37147 | HTTP Request Smuggling vulnerability in multiple products Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
| 2021-11-03 | CVE-2021-37148 | Improper Input Validation vulnerability in multiple products Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |