Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2021-01-11 CVE-2020-17509 HTTP Request Smuggling vulnerability in Apache Traffic Server
ATS negative cache option is vulnerable to a cache poisoning attack.
network
apache CWE-444
4.3
2021-01-11 CVE-2020-17508 Information Exposure vulnerability in Apache Traffic Server
The ATS ESI plugin has a memory disclosure vulnerability.
network
low complexity
apache CWE-200
5.0
2021-01-11 CVE-2020-13922 Incorrect Default Permissions vulnerability in Apache DolphinScheduler 1.2.0/1.2.1/1.3.1
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.
network
low complexity
apache CWE-276
6.5
2021-01-11 CVE-2020-11995 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed in Dubbo 2.7.5 and earlier versions, which could lead to malicious code execution.
network
low complexity
apache CWE-502
7.5
2021-01-05 CVE-2020-17519 Files or Directories Accessible to External Parties vulnerability in Apache Flink 1.11.0/1.11.1/1.11.2
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process.
network
low complexity
apache CWE-552
7.5
2021-01-05 CVE-2020-17518 Path Traversal vulnerability in Apache Flink
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system through a maliciously modified HTTP header.
network
low complexity
apache CWE-22
7.5
2020-12-29 CVE-2020-17533 Unchecked Return Value vulnerability in Apache Accumulo
Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations.
network
low complexity
apache CWE-252
8.1
2020-12-21 CVE-2020-17526 Unspecified vulnerability in Apache Airflow
Incorrect session validation in Apache Airflow Webserver versions prior to 1.10.14 with the default config allows a malicious Airflow user on Site A, where they log in normally, to access an unauthorized Airflow Webserver on Site B through the session from Site A.
network
low complexity
apache
7.7
2020-12-18 CVE-2020-17520 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Pulsar Manager 0.1.0
In Pulsar Manager 0.1.0, malicious users can bypass pulsar-manager's admin permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.
network
low complexity
apache CWE-732
4.0
2020-12-18 CVE-2020-11974 Unspecified vulnerability in Apache DolphinScheduler 1.2.0/1.2.1
In DolphinScheduler 1.2.0 and 1.2.1, a remote code execution vulnerability exists with MySQL Connector/J when MySQL is chosen as the database.
network
low complexity
apache
critical
9.8