Vulnerabilities > Apache

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-01-11 | CVE-2020-11995 | Deserialization of Untrusted Data vulnerability in Apache Dubbo | A deserialization vulnerability existed in Dubbo 2.7.5 and earlier versions, which could lead to malicious code execution. | network, low complexity, apache CWE-502, critical 9.8 |
| 2021-01-05 | CVE-2020-17519 | Files or Directories Accessible to External Parties vulnerability in Apache Flink 1.11.0/1.11.1/1.11.2 | A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. | network, low complexity, apache CWE-552, 7.5 |
| 2021-01-05 | CVE-2020-17518 | Path Traversal vulnerability in Apache Flink | Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP header. | network, low complexity, apache CWE-22, 7.5 |
| 2020-12-29 | CVE-2020-17533 | Unspecified vulnerability in Apache Accumulo | Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. | network, low complexity, apache, 8.1 |
| 2020-12-21 | CVE-2020-17526 | Unspecified vulnerability in Apache Airflow | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious Airflow user on Site A, where they log in normally, to access an unauthorized Airflow Webserver on Site B through the session from Site A. | network, low complexity, apache, 7.7 |
| 2020-12-18 | CVE-2020-17520 | Unspecified vulnerability in Apache Pulsar Manager 0.1.0 | In Pulsar Manager version 0.1.0, malicious users will be able to bypass pulsar-manager's admin permission verification mechanism by constructing special URLs, thereby accessing any HTTP API. | network, low complexity, apache, 6.5 |
| 2020-12-18 | CVE-2020-11974 | Unspecified vulnerability in Apache DolphinScheduler 1.2.0/1.2.1 | In DolphinScheduler 1.2.0 and 1.2.1, with MySQL Connector/J, a remote code execution vulnerability exists when choosing MySQL as the database. | network, low complexity, apache, critical 9.8 |
| 2020-12-18 | CVE-2020-28052 | An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. | | network, high complexity, bouncycastle apache oracle, 8.1 |
| 2020-12-18 | CVE-2020-13931 | Unspecified vulnerability in Apache TomEE | If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. | network, low complexity, apache, critical 9.8 |
| 2020-12-14 | CVE-2020-17513 | Server-Side Request Forgery (SSRF) vulnerability in Apache Airflow | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. | network, low complexity, apache CWE-918, 5.3 |