Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2021-01-26 CVE-2020-17522 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Traffic Control
When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers.
network
low complexity
apache CWE-732
5.8
2021-01-25 CVE-2021-23901 XXE vulnerability in multiple products
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18.
network
low complexity
apache netapp CWE-611
critical
9.1
2021-01-25 CVE-2020-17532 Deserialization of Untrusted Data vulnerability in Apache Java Chassis
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution.
network
low complexity
apache CWE-502
8.8
2021-01-19 CVE-2020-11997 Incorrect Default Permissions vulnerability in Apache Guacamole
Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility.
network
low complexity
apache CWE-276
4.3
2021-01-19 CVE-2021-20190 A flaw was found in jackson-databind before 2.9.10.7.
network
high complexity
fasterxml netapp apache debian oracle
8.1
2021-01-14 CVE-2021-24122 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations.
network
high complexity
apache debian oracle CWE-706
5.9
2021-01-14 CVE-2021-23926 XML Entity Expansion vulnerability in multiple products
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input.
network
low complexity
apache netapp debian oracle CWE-776
critical
9.1
2021-01-11 CVE-2020-17534 Race Condition vulnerability in Apache Html/Java API 1.7
There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7.
local
high complexity
apache CWE-362
7.0
2021-01-11 CVE-2020-17509 HTTP Request Smuggling vulnerability in Apache Traffic Server
ATS negative cache option is vulnerable to a cache poisoning attack.
network
low complexity
apache CWE-444
7.5
2021-01-11 CVE-2020-17508 Unspecified vulnerability in Apache Traffic Server
The ATS ESI plugin has a memory disclosure vulnerability.
network
low complexity
apache
7.5