Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-09 | CVE-2020-17528 | Out-of-bounds Write vulnerability in Apache Nuttx Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet. | 9.1 |
| 2020-12-08 | CVE-2020-17531 | Unspecified vulnerability in Apache Tapestry A Java Serialization vulnerability was found in Apache Tapestry 4. | 9.8 |
| 2020-12-07 | CVE-2020-17521 | Apache Groovy provides extension methods to aid with creating temporary directories. | 5.5 |
| 2020-12-07 | CVE-2020-13945 | Unspecified vulnerability in Apache Apisix In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. | 6.5 |
| 2020-12-03 | CVE-2020-17527 | Information Exposure vulnerability in multiple products While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. | 7.5 |
| 2020-12-03 | CVE-2020-25649 | XXE vulnerability in multiple products A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. | 7.5 |
| 2020-12-02 | CVE-2020-13956 | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | 5.3 |
| 2020-12-01 | CVE-2020-11990 | Unspecified vulnerability in Apache Cordova 4.1.0 We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. | 3.3 |
| 2020-11-28 | CVE-2020-27218 | In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. | 4.8 |
| 2020-11-24 | CVE-2020-13942 | Injection vulnerability in Apache Unomi 1.5.0/1.5.1 It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. | 9.8 |