| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2021-44549 | SMTPS server hostname not checked when making TLS connection to SMTPS server | Apache Software Foundation | Apache Sling Commons Messaging Mail | High | - | 2021-12-14 15:15:10 | Deep Dive |
| CVE-2021-4104 | Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2 | Apache Software Foundation | Apache Log4j 1.x | High | - | 2021-12-14 00:00:00 | Deep Dive |
| CVE-2021-44228 | Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints | Apache Software Foundation | Apache Log4j2 | Critical | - | 2021-12-10 00:00:00 | Deep Dive |
| CVE-2021-43410 | airavata-django-portal allows CRLF log injection because of the lack of escaping in the log statements | Apache Software Foundation | Apache Airavata Django Portal | Medium | - | 2021-12-09 09:00:12 | Deep Dive |
| CVE-2021-44140 | Arbitrary file deletion on logout | Apache Software Foundation | Apache JSPWiki | Critical | - | 2021-11-24 11:15:14 | Deep Dive |
| CVE-2021-40369 | XSS vulnerability on Denounce plugin | Apache Software Foundation | Apache JSPWiki | Medium | - | 2021-11-24 11:15:13 | Deep Dive |
| CVE-2021-43557 | Path traversal in request_uri variable | Apache Software Foundation | Apache APISIX | High | - | 2021-11-22 08:25:09 | Deep Dive |
| CVE-2021-41532 | Unauthenticated access to Ozone Recon HTTP endpoints | Apache Software Foundation | Apache Ozone | Medium | - | 2021-11-19 09:20:26 | Deep Dive |
| CVE-2021-39236 | Owners of the S3 tokens are not validated | Apache Software Foundation | Apache Ozone | High | - | 2021-11-19 09:20:25 | Deep Dive |
| CVE-2021-39235 | Access mode of block tokens are not enforced | Apache Software Foundation | Apache Ozone | Medium | - | 2021-11-19 09:20:23 | Deep Dive |
| CVE-2021-39234 | Raw block data can be read bypassing ACL/authorization | Apache Software Foundation | Apache Ozone | Medium | - | 2021-11-19 09:20:22 | Deep Dive |
| CVE-2021-39233 | Container-related datanode operations can be called without authorization | Apache Software Foundation | Apache Ozone | Critical | - | 2021-11-19 09:20:20 | Deep Dive |
| CVE-2021-39232 | Missing admin check for SCM related admin commands | Apache Software Foundation | Apache Ozone | High | - | 2021-11-19 09:20:19 | Deep Dive |
| CVE-2021-39231 | Missing authentication/authorization on internal RPC endpoints | Apache Software Foundation | Apache Ozone | Critical | - | 2021-11-19 09:20:17 | Deep Dive |
| CVE-2021-36372 | Original block tokens are persisted and can be retrieved | Apache Software Foundation | Apache Ozone | Critical | - | 2021-11-19 09:20:16 | Deep Dive |
| CVE-2021-42250 | Possible log injection | Apache Software Foundation | Apache Superset | Medium | - | 2021-11-17 15:10:10 | Deep Dive |
| CVE-2021-37580 | Apache ShenYu Admin bypass JWT authentication | Apache Software Foundation | Apache ShenYu Admin | Critical | - | 2021-11-16 09:35:11 | Deep Dive |
| CVE-2021-41972 | Credentials leak | Apache Software Foundation | Apache Superset | Medium | - | 2021-11-12 18:55:13 | Deep Dive |
| CVE-2021-43350 | LDAP filter injection vulnerability in Traffic Ops | Apache Software Foundation | Apache Traffic Control | Critical | - | 2021-11-11 13:00:15 | Deep Dive |
| CVE-2021-26558 | Deserialization of Untrusted Data | Apache Software Foundation | Apache ShardingSphere-UI | High | - | 2021-11-11 09:35:09 | Deep Dive |