Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2021-07-26 CVE-2021-33900 Cleartext Transmission of Sensitive Information vulnerability in Apache Directory Studio
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used.
network
low complexity
apache CWE-319
7.5
7.5
2021-07-22 CVE-2021-28131 Information Exposure Through Log Files vulnerability in Apache Impala
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user.
network
high complexity
apache CWE-532
7.5
7.5
2021-07-13 CVE-2021-35515 Infinite Loop vulnerability in multiple products
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop.
network
low complexity
apache netapp oracle CWE-835
7.5
7.5
2021-07-13 CVE-2021-35516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache netapp oracle CWE-770
7.5
7.5
2021-07-13 CVE-2021-35517 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache netapp oracle CWE-770
7.5
7.5
2021-07-13 CVE-2021-36090 When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache oracle netapp
7.5
7.5
2021-07-12 CVE-2021-30639 Improper Handling of Exceptional Conditions vulnerability in multiple products
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service.
network
low complexity
apache mcafee oracle CWE-755
7.5
7.5
2021-06-30 CVE-2021-32566 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-06-30 CVE-2021-32567 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-06-29 CVE-2021-27577 HTTP Request Smuggling vulnerability in multiple products
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache.
network
low complexity
apache debian CWE-444
7.5
7.5