Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-03 CVE-2021-37147 Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian
7.5
2021-11-03 CVE-2021-37148 Improper Input Validation vulnerability in multiple products
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-20
7.5
2021-11-03 CVE-2021-37149 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-20
7.5
2021-11-03 CVE-2021-38161 Improper Authentication vulnerability in multiple products
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks.
network
high complexity
apache debian CWE-287
8.1
2021-11-03 CVE-2021-41585 Improper Input Validation vulnerability in Apache Traffic Server
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections.
network
low complexity
apache CWE-20
7.5
2021-11-01 CVE-2021-27644 SQL Injection vulnerability in Apache Dolphinscheduler
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center.
network
low complexity
apache CWE-89
8.8
2021-10-18 CVE-2021-41971 SQL Injection vulnerability in Apache Superset
Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.
network
low complexity
apache CWE-89
8.8
2021-10-14 CVE-2021-38295 Cross-site Scripting vulnerability in Apache Couchdb
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document.
local
low complexity
apache CWE-79
7.3
2021-10-14 CVE-2021-42340 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak.
network
low complexity
apache netapp debian oracle CWE-772
7.5
2021-10-11 CVE-2021-41830 Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source.
network
low complexity
apache CWE-347
7.5