Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-13 | CVE-2020-13957 | Incorrect Authorization vulnerability in Apache Solr. Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that's uploaded via API without authentication/authorization. | 9.8 |
2020-10-13 | CVE-2018-20243 | Insufficiently Protected Credentials vulnerability in Apache Fineract. The implementation of POST with the username and password in the URL parameters exposed the credentials. | 7.5 |
2020-10-12 | CVE-2020-15250 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products. In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. | 5.5 |
2020-10-12 | CVE-2020-13943 | If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. | 4.3 |
2020-10-09 | CVE-2020-13955 | Improper Certificate Validation vulnerability in Apache Calcite. The HttpUtils#getURLConnection method explicitly disables hostname verification for HTTPS connections, making clients vulnerable to man-in-the-middle attacks. | 5.9 |
2020-10-01 | CVE-2020-9491 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache NiFi. In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. | 7.5 |
2020-10-01 | CVE-2020-9487 | Missing Authentication for Critical Function vulnerability in Apache NiFi. In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. | 7.5 |
2020-10-01 | CVE-2020-9486 | Information Exposure Through Log Files vulnerability in Apache NiFi. In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. | 7.5 |
2020-10-01 | CVE-2020-13940 | XXE vulnerability in Apache NiFi. In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. | 5.5 |
2020-10-01 | CVE-2020-11979 | As mitigation for CVE-2020-1945, Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. | 7.5 |