Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

...

Apache PLC4X - PLC4C 数字错误漏洞

Apache PLC4X - PLC4C is a generic adapter for industrial communication protocols from the Apache Foundation, U.S.A. A security vulnerability exists in Apache PLC4X - PLC4C only the C language version is affected versions prior to 0.9.1. No detailed vulnerability details are available at this time...

Apache httpd -- multiple vulnerabilities

The Apache project reports: moderate: Request splitting via HTTP/2 method injection and modproxy CVE-2021-33193 moderate: NULL pointer dereference in httpd core CVE-2021-34798 moderate: modproxyuwsgi out of bound read CVE-2021-36160 low: apescapequotes buffer overflow CVE-2021-39275 high: modprox...

mod_fcgid -- possible heap buffer overwrite

Apache Project reports: Fix possible heap buffer overwrite...

tomcat -- XSS vulnerability in sample applications

The Apache Project reports: The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the outpu...