Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-11 | CVE-2021-41832 | Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. | 7.5 |
2021-10-07 | CVE-2021-28129 | Unspecified vulnerability in Apache Openoffice 4.1.8 While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. | 7.8 |
2021-10-05 | CVE-2021-41524 | NULL Pointer Dereference vulnerability in multiple products While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. | 7.5 |
2021-10-05 | CVE-2021-41773 | Path Traversal vulnerability in multiple products A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. | 7.5 |
2021-09-23 | CVE-2021-33035 | Classic Buffer Overflow vulnerability in Apache Openoffice Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. | 7.8 |
2021-09-19 | CVE-2021-40690 | All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. | 7.5 |
2021-09-16 | CVE-2021-34798 | NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. | 7.5 |
2021-09-16 | CVE-2021-36160 | Out-of-bounds Read vulnerability in multiple products A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). | 7.5 |
2021-09-16 | CVE-2021-39239 | XXE vulnerability in Apache Jena A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. | 7.5 |
2021-09-16 | CVE-2021-41079 | Infinite Loop vulnerability in multiple products Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. | 7.5 |