Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-11 CVE-2021-41832 Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source.
network
low complexity
apache CWE-347
7.5
2021-10-07 CVE-2021-28129 Unspecified vulnerability in Apache Openoffice 4.1.8
While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500.
local
low complexity
apache
7.8
2021-10-05 CVE-2021-41524 NULL Pointer Dereference vulnerability in multiple products
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server.
network
low complexity
apache fedoraproject oracle netapp CWE-476
7.5
2021-10-05 CVE-2021-41773 Path Traversal vulnerability in multiple products
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49.
network
low complexity
apache fedoraproject oracle netapp CWE-22
7.5
2021-09-23 CVE-2021-33035 Classic Buffer Overflow vulnerability in Apache Openoffice
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets.
local
low complexity
apache CWE-120
7.8
2021-09-19 CVE-2021-40690 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element.
network
low complexity
apache debian oracle
7.5
2021-09-16 CVE-2021-34798 NULL Pointer Dereference vulnerability in multiple products
Malformed requests may cause the server to dereference a NULL pointer.
7.5
2021-09-16 CVE-2021-36160 Out-of-bounds Read vulnerability in multiple products
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).
7.5
2021-09-16 CVE-2021-39239 XXE vulnerability in Apache Jena
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
network
low complexity
apache CWE-611
7.5
2021-09-16 CVE-2021-41079 Infinite Loop vulnerability in multiple products
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets.
network
low complexity
apache debian netapp CWE-835
7.5