Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-13941 | Improper Input Validation vulnerability in Apache Solr Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. | 8.8 |
| 2020-08-11 | CVE-2020-11976 | Files or Directories Accessible to External Parties vulnerability in Apache Fortress and Wicket By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. | 7.5 |
| 2020-08-07 | CVE-2020-9490 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. | 7.5 |
| 2020-08-07 | CVE-2020-11993 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. | 7.5 |
| 2020-08-07 | CVE-2020-11985 | Insufficient Verification of Data Authenticity vulnerability in Apache Http Server IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. | 5.3 |
| 2020-08-07 | CVE-2020-11984 | Classic Buffer Overflow vulnerability in multiple products Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | 9.8 |
| 2020-08-05 | CVE-2020-13921 | SQL Injection vulnerability in Apache Skywalking **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. | 9.8 |
| 2020-07-20 | CVE-2020-13932 | Cross-site Scripting vulnerability in Apache Activemq Artemis In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. | 6.1 |
| 2020-07-17 | CVE-2020-9485 | Cross-site Scripting vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 6.1 |
| 2020-07-17 | CVE-2020-11983 | Cross-site Scripting vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 5.4 |