Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-14 | CVE-2020-1948 | Deserialization of Untrusted Data vulnerability in Apache Dubbo This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. | 7.5 |
| 2020-07-14 | CVE-2020-13926 | SQL Injection vulnerability in Apache Kylin Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. | 9.8 |
| 2020-07-14 | CVE-2020-13925 | OS Command Injection vulnerability in Apache Kylin Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. | 9.8 |
| 2020-07-08 | CVE-2020-11994 | Injection vulnerability in multiple products Server-Side Template Injection and arbitrary file disclosure on Camel templating components | 7.5 |
| 2020-07-02 | CVE-2020-9498 | Out-of-bounds Write vulnerability in multiple products Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. | 6.7 |
| 2020-07-02 | CVE-2020-9497 | Improper Input Validation vulnerability in multiple products Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. | 4.4 |
| 2020-06-30 | CVE-2020-9483 | SQL Injection vulnerability in Apache Skywalking **Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. | 5.0 |
| 2020-06-29 | CVE-2020-8022 | Incorrect Default Permissions vulnerability in multiple products A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. | 7.8 |
| 2020-06-26 | CVE-2020-11996 | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. | 7.5 |
| 2020-06-26 | CVE-2020-10727 | Insufficiently Protected Credentials vulnerability in multiple products A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. | 2.1 |