High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-05	CVE-2021-41524	NULL Pointer Dereference vulnerability in multiple products While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. network low complexity apache fedoraproject oracle netapp CWE-476	7.5
2021-10-05	CVE-2021-41773	Path Traversal vulnerability in multiple products A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. network low complexity apache fedoraproject oracle netapp CWE-22	7.5
2021-09-23	CVE-2021-33035	Classic Buffer Overflow vulnerability in Apache Openoffice Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. local low complexity apache CWE-120	7.8
2021-09-19	CVE-2021-40690	Information Exposure vulnerability in multiple products All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. network low complexity apache debian oracle CWE-200	7.5
2021-09-16	CVE-2021-34798	NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. network low complexity apache fedoraproject debian netapp tenable oracle broadcom siemens CWE-476	7.5
2021-09-16	CVE-2021-36160	Out-of-bounds Read vulnerability in multiple products A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). network low complexity apache fedoraproject debian netapp oracle broadcom CWE-125	7.5
2021-09-16	CVE-2021-39239	XXE vulnerability in Apache Jena A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. network low complexity apache CWE-611	7.5
2021-09-16	CVE-2021-41079	Infinite Loop vulnerability in multiple products Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. network low complexity apache debian netapp CWE-835	7.5
2021-09-07	CVE-2021-36162	Unspecified vulnerability in Apache Dubbo Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). network low complexity apache	8.8
2021-09-02	CVE-2020-13929	Unspecified vulnerability in Apache Zeppelin Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. network low complexity apache	7.5