Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2020-08-07 CVE-2020-11985 Insufficient Verification of Data Authenticity vulnerability in Apache Http Server
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts.
network
low complexity
apache CWE-345
5.3
5.3
2020-08-07 CVE-2020-11984 Classic Buffer Overflow vulnerability in multiple products
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
network
low complexity
apache netapp canonical debian fedoraproject opensuse oracle CWE-120
critical
 9.8
9.8
2020-08-05 CVE-2020-13921 SQL Injection vulnerability in Apache Skywalking
**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.
network
low complexity
apache CWE-89
critical
 9.8
9.8
2020-07-20 CVE-2020-13932 Cross-site Scripting vulnerability in Apache Activemq Artemis
In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability.
network
low complexity
apache CWE-79
6.1
6.1
2020-07-17 CVE-2020-9485 Cross-site Scripting vulnerability in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below.
network
low complexity
apache CWE-79
6.1
6.1
2020-07-17 CVE-2020-11983 Cross-site Scripting vulnerability in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below.
network
low complexity
apache CWE-79
5.4
5.4
2020-07-17 CVE-2020-11982 Deserialization of Untrusted Data vulnerability in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2020-07-17 CVE-2020-11981 OS Command Injection vulnerability in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below.
network
low complexity
apache CWE-78
critical
 9.8
9.8
2020-07-17 CVE-2020-11978 OS Command Injection vulnerability in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below.
network
low complexity
apache CWE-78
8.8
8.8
2020-07-15 CVE-2020-9496 Deserialization of Untrusted Data vulnerability in Apache Ofbiz 17.12.03
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
network
low complexity
apache CWE-502
6.1
6.1