Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-17 | CVE-2020-11982 | Deserialization of Untrusted Data vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 9.8 |
| 2020-07-17 | CVE-2020-11981 | OS Command Injection vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 9.8 |
| 2020-07-17 | CVE-2020-11978 | OS Command Injection vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 8.8 |
| 2020-07-15 | CVE-2020-9496 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz 17.12.03 XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 | 6.1 |
| 2020-07-15 | CVE-2020-13923 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Ofbiz IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04 | 5.3 |
| 2020-07-14 | CVE-2020-13935 | Infinite Loop vulnerability in multiple products The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. | 7.5 |
| 2020-07-14 | CVE-2020-13934 | Memory Leak vulnerability in multiple products An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. | 7.5 |
| 2020-07-14 | CVE-2020-1948 | Deserialization of Untrusted Data vulnerability in Apache Dubbo This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. | 9.8 |
| 2020-07-14 | CVE-2020-13926 | SQL Injection vulnerability in Apache Kylin Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. | 9.8 |
| 2020-07-14 | CVE-2020-13925 | OS Command Injection vulnerability in Apache Kylin Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. | 9.8 |