Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-19 CVE-2021-39232 Missing Authorization vulnerability in Apache Ozone
In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.
network
low complexity
apache CWE-862
8.8
8.8
2021-11-19 CVE-2021-39236 Missing Authorization vulnerability in Apache Ozone
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
network
low complexity
apache CWE-862
8.8
8.8
2021-11-11 CVE-2021-26558 Deserialization of Untrusted Data vulnerability in Apache Shardingsphere-Ui 4.1.1
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources.
network
low complexity
apache CWE-502
7.5
7.5
2021-11-03 CVE-2021-37147 Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian
7.5
7.5
2021-11-03 CVE-2021-37148 Improper Input Validation vulnerability in multiple products
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-11-03 CVE-2021-37149 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-11-03 CVE-2021-38161 Improper Authentication vulnerability in multiple products
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks.
network
high complexity
apache debian CWE-287
8.1
8.1
2021-11-03 CVE-2021-41585 Improper Input Validation vulnerability in Apache Traffic Server
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections.
network
low complexity
apache CWE-20
7.5
7.5
2021-11-01 CVE-2021-27644 SQL Injection vulnerability in Apache Dolphinscheduler
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center.
network
low complexity
apache CWE-89
8.8
8.8
2021-10-18 CVE-2021-41971 SQL Injection vulnerability in Apache Superset
Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.
network
low complexity
apache CWE-89
8.8
8.8