High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-29	CVE-2021-32565	HTTP Request Smuggling vulnerability in multiple products Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. network low complexity apache debian CWE-444	7.5
2021-06-16	CVE-2021-30468	Infinite Loop vulnerability in multiple products A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. network low complexity apache oracle CWE-835	7.5
2021-06-16	CVE-2021-33813	XXE vulnerability in multiple products An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. network low complexity jdom apache debian fedoraproject oracle CWE-611	7.5
2021-06-15	CVE-2021-31618	NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. network low complexity apache fedoraproject debian oracle CWE-476	7.5
2021-06-10	CVE-2020-13950	NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service network low complexity apache debian fedoraproject oracle CWE-476	7.5
2021-06-10	CVE-2020-35452	Out-of-bounds Write vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. network low complexity apache debian fedoraproject oracle CWE-787	7.3
2021-06-10	CVE-2021-26690	NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service network low complexity apache debian fedoraproject oracle CWE-476	7.5
2021-05-27	CVE-2020-17514	Unspecified vulnerability in Apache Fineract Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. network high complexity apache	7.4
2021-05-25	CVE-2021-23937	Information Exposure vulnerability in Apache Wicket A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. network low complexity apache CWE-200	7.5
2021-05-14	CVE-2021-27737	Unspecified vulnerability in Apache Traffic Server 9.0.0 Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin. network low complexity apache	7.5