Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2020-9492 | Incorrect Authorization vulnerability in multiple products In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. | 8.8 |
| 2021-01-26 | CVE-2020-36230 | Reachable Assertion vulnerability in multiple products A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. | 7.5 |
| 2021-01-26 | CVE-2020-17522 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Traffic Control When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. | 5.8 |
| 2021-01-25 | CVE-2021-23901 | XXE vulnerability in multiple products An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. | 9.1 |
| 2021-01-25 | CVE-2020-17532 | Deserialization of Untrusted Data vulnerability in Apache Java Chassis When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. | 6.0 |
| 2021-01-19 | CVE-2020-11997 | Incorrect Default Permissions vulnerability in Apache Guacamole Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. | 4.0 |
| 2021-01-19 | CVE-2021-20190 | Deserialization of Untrusted Data vulnerability in multiple products A flaw was found in jackson-databind before 2.9.10.7. | 8.1 |
| 2021-01-14 | CVE-2021-24122 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. | 5.9 |
| 2021-01-14 | CVE-2021-23926 | XML Entity Expansion vulnerability in multiple products The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. | 9.1 |
| 2021-01-11 | CVE-2020-17534 | Race Condition vulnerability in Apache Html/Java API 1.7 There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. | 4.4 |