Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-23 CVE-2022-34305 Cross-site Scripting vulnerability in Apache Tomcat
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
network
low complexity
apache CWE-79
6.1
2022-06-22 CVE-2022-32549 Improper Encoding or Escaping of Output vulnerability in Apache Sling API and Sling Commons LOG
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection.
network
low complexity
apache CWE-116
5.3
2022-06-09 CVE-2022-28330 Out-of-bounds Read vulnerability in Apache Http Server
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
network
low complexity
apache CWE-125
5.3
2022-06-09 CVE-2022-28614 Integer Overflow or Wraparound vulnerability in multiple products
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.
network
low complexity
apache fedoraproject netapp CWE-190
5.3
2022-06-09 CVE-2022-24969 Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.
network
low complexity
apache CWE-918
6.1
2022-05-31 CVE-2022-30973 Unspecified vulnerability in Apache Tika
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release.
local
low complexity
apache
5.5
2022-05-25 CVE-2022-29405 Unspecified vulnerability in Apache Archiva
In Apache Archiva, any registered user can reset password for any users.
network
low complexity
apache
6.5
2022-05-16 CVE-2022-25169 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
local
low complexity
apache oracle CWE-770
5.5
2022-05-16 CVE-2022-30126 In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file.
local
low complexity
apache oracle
5.5
2022-04-12 CVE-2021-28544 Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules.
network
low complexity
apache debian fedoraproject apple
4.3