Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-25 | CVE-2021-23901 | XXE vulnerability in multiple products: An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. | 9.1 |
2021-01-25 | CVE-2020-17532 | Deserialization of Untrusted Data vulnerability in Apache Java Chassis: When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. | 8.8 |
2021-01-19 | CVE-2020-11997 | Incorrect Default Permissions vulnerability in Apache Guacamole: Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. | 4.3 |
2021-01-19 | CVE-2021-20190 | A flaw was found in jackson-databind before 2.9.10.7. | 8.1 |
2021-01-14 | CVE-2021-24122 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. | 5.9 |
2021-01-14 | CVE-2021-23926 | XML Entity Expansion vulnerability in multiple products: The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. | 9.1 |
2021-01-11 | CVE-2020-17534 | Race Condition vulnerability in Apache Html/Java API 1.7: There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. | 7.0 |
2021-01-11 | CVE-2020-17509 | HTTP Request Smuggling vulnerability in Apache Traffic Server: ATS negative cache option is vulnerable to a cache poisoning attack. | 7.5 |
2021-01-11 | CVE-2020-17508 | Unspecified vulnerability in Apache Traffic Server: The ATS ESI plugin has a memory disclosure vulnerability. | 7.5 |
2021-01-11 | CVE-2020-13922 | Incorrect Default Permissions vulnerability in Apache Dolphinscheduler 1.2.0/1.2.1/1.3.1: Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface. | 6.5 |