Vulnerabilities > Apache > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-23 | CVE-2022-34305 | Cross-site Scripting vulnerability in Apache Tomcat In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. | 6.1 |
2022-06-22 | CVE-2022-32549 | Improper Encoding or Escaping of Output vulnerability in Apache Sling API and Sling Commons LOG Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. | 5.3 |
2022-06-09 | CVE-2022-28330 | Out-of-bounds Read vulnerability in Apache Http Server Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. | 5.3 |
2022-06-09 | CVE-2022-28614 | Integer Overflow or Wraparound vulnerability in multiple products The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. | 5.3 |
2022-06-09 | CVE-2022-24969 | Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. | 6.1 |
2022-05-31 | CVE-2022-30973 | Unspecified vulnerability in Apache Tika We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. | 5.5 |
2022-05-25 | CVE-2022-29405 | Unspecified vulnerability in Apache Archiva In Apache Archiva, any registered user can reset password for any users. | 6.5 |
2022-05-16 | CVE-2022-25169 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. | 5.5 |
2022-05-16 | CVE-2022-30126 | In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. | 5.5 |
2022-04-12 | CVE-2021-28544 | Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. | 4.3 |