Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-10 | CVE-2020-13938 | Missing Authorization vulnerability in multiple products Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | 5.5 |
| 2021-06-10 | CVE-2021-30641 | Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' | 5.3 |
| 2021-06-08 | CVE-2021-33190 | Improper Restriction of Excessive Authentication Attempts vulnerability in Apache Apisix Dashboard 2.6 In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. | 5.3 |
| 2021-06-07 | CVE-2021-29621 | Information Exposure Through Discrepancy vulnerability in multiple products Flask-AppBuilder is a development framework, built on top of Flask. | 5.3 |
| 2021-06-01 | CVE-2021-25640 | Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. | 6.1 |
| 2021-05-02 | CVE-2021-28359 | Cross-site Scripting vulnerability in Apache Airflow The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. | 6.1 |
| 2021-04-27 | CVE-2021-28125 | Open Redirect vulnerability in Apache Superset Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. | 6.1 |
| 2021-04-13 | CVE-2021-29425 | Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | 4.8 |
| 2021-03-31 | CVE-2021-28657 | Infinite Loop vulnerability in multiple products A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. | 5.5 |
| 2021-03-19 | CVE-2021-27906 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. | 5.5 |