Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-14 | CVE-2021-38295 | Cross-site Scripting vulnerability in Apache Couchdb In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. | 7.3 |
| 2021-10-14 | CVE-2021-42340 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. | 7.5 |
| 2021-10-11 | CVE-2021-41830 | Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. | 7.5 |
| 2021-10-11 | CVE-2021-41832 | Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. | 7.5 |
| 2021-10-07 | CVE-2021-28129 | Unspecified vulnerability in Apache Openoffice 4.1.8 While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. | 7.8 |
| 2021-10-05 | CVE-2021-41524 | NULL Pointer Dereference vulnerability in multiple products While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. | 7.5 |
| 2021-10-05 | CVE-2021-41773 | Path Traversal vulnerability in multiple products A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. | 7.5 |
| 2021-09-23 | CVE-2021-33035 | Classic Buffer Overflow vulnerability in Apache Openoffice Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. | 7.8 |
| 2021-09-19 | CVE-2021-40690 | All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. | 7.5 |
| 2021-09-16 | CVE-2021-34798 | NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. | 7.5 |