High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-29	CVE-2021-27577	HTTP Request Smuggling vulnerability in multiple products Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. network low complexity apache debian CWE-444	7.5
2021-06-29	CVE-2021-32565	HTTP Request Smuggling vulnerability in multiple products Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. network low complexity apache debian CWE-444	7.5
2021-06-16	CVE-2021-30468	Infinite Loop vulnerability in multiple products A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. network low complexity apache oracle CWE-835	7.5
2021-06-16	CVE-2021-33813	XXE vulnerability in multiple products An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. network low complexity jdom apache debian fedoraproject oracle CWE-611	7.5
2021-06-15	CVE-2021-31618	NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. network low complexity apache fedoraproject debian oracle CWE-476	7.5
2021-06-10	CVE-2020-13950	NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service network low complexity apache debian fedoraproject oracle CWE-476	7.5
2021-06-10	CVE-2020-35452	Out-of-bounds Write vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. network low complexity apache debian fedoraproject oracle CWE-787	7.3
2021-06-10	CVE-2021-26690	NULL Pointer Dereference vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service network low complexity apache debian fedoraproject oracle CWE-476	7.5
2021-05-27	CVE-2020-17514	Unspecified vulnerability in Apache Fineract Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. network high complexity apache	7.4
2021-05-25	CVE-2021-23937	Information Exposure vulnerability in Apache Wicket A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. network low complexity apache CWE-200	7.5