Vulnerabilities > Apache > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-09 | CVE-2022-28330 | Out-of-bounds Read vulnerability in Apache HTTP Server: Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. | 5.3 |
2022-06-09 | CVE-2022-28614 | Integer Overflow or Wraparound vulnerability in multiple products: The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. | 5.3 |
2022-06-09 | CVE-2022-24969 | Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo (bypass of CVE-2021-25640): In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of the parseURL method will lead to the bypass of the white host check, which can cause an open redirect or SSRF vulnerability. | 6.1 |
2022-05-31 | CVE-2022-30973 | Unspecified vulnerability in Apache Tika: We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. | 5.5 |
2022-05-25 | CVE-2022-29405 | Unspecified vulnerability in Apache Archiva: In Apache Archiva, any registered user can reset the password of any user. | 6.5 |
2022-05-16 | CVE-2022-25169 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products: The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. | 5.5 |
2022-05-16 | CVE-2022-30126 | In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler, could lead to a denial of service caused by backtracking on a specially crafted file. | 5.5 |
2022-04-12 | CVE-2021-28544 | Apache Subversion SVN authz protected copyfrom paths regression: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. | 4.3 |
2022-04-06 | CVE-2022-26850 | Exposure of Resource to Wrong Sphere vulnerability in Apache NiFi 1.14.0/1.15.0/1.15.3: When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. | 4.3 |
2022-03-04 | CVE-2022-26336 | A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. | 5.5 |