Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-1943 Cross-site Scripting vulnerability in Apache Ofbiz
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
network
low complexity
apache CWE-79
6.1
6.1
2020-03-30 CVE-2019-17561 Improper Verification of Cryptographic Signature vulnerability in multiple products
The "Apache NetBeans" autoupdate system does not fully validate code signatures.
network
low complexity
apache oracle CWE-347
5.0
5.0
2020-03-30 CVE-2019-17560 Improper Certificate Validation vulnerability in multiple products
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads.
network
low complexity
apache oracle CWE-295
critical
 9.1
9.1
2020-03-25 CVE-2020-1957 Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
network
low complexity
apache debian
critical
 9.8
9.8
2020-03-23 CVE-2020-1944 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17565 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17559 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2020-1951 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-835
5.5
5.5
2020-03-23 CVE-2020-1950 Resource Exhaustion vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-400
5.5
5.5
2020-03-19 CVE-2019-12416 Injection vulnerability in Apache Deltaspike
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js.
network
low complexity
apache CWE-74
6.1
6.1