Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2020-05-14 CVE-2020-1941 Cross-site Scripting vulnerability in multiple products
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
network
low complexity
apache oracle CWE-79
6.1
2020-05-14 CVE-2020-11973 Deserialization of Untrusted Data vulnerability in multiple products
Apache Camel Netty enables Java deserialization by default.
network
low complexity
apache oracle CWE-502
critical
9.8
2020-05-14 CVE-2020-11972 Deserialization of Untrusted Data vulnerability in multiple products
Apache Camel RabbitMQ enables Java deserialization by default.
network
low complexity
apache oracle CWE-502
critical
9.8
2020-05-14 CVE-2020-11971 Apache Camel's JMX is vulnerable to Rebind Flaw.
network
low complexity
apache oracle
7.5
2020-05-14 CVE-2019-17572 Path Traversal vulnerability in Apache Rocketmq
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability.
network
low complexity
apache CWE-22
5.3
2020-05-14 CVE-2019-17562 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Cloudstack
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack.
network
low complexity
apache CWE-119
critical
9.8
2020-05-14 CVE-2020-1945 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information.
6.3
2020-05-12 CVE-2020-1939 NULL Pointer Dereference vulnerability in Apache Nuttx
The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs.
network
low complexity
apache CWE-476
critical
9.8
2020-05-11 CVE-2018-1285 XXE vulnerability in multiple products
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files.
network
low complexity
apache fedoraproject oracle netapp CWE-611
critical
9.8
2020-05-04 CVE-2020-1961 Injection vulnerability in Apache Syncope
Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered.
network
low complexity
apache CWE-74
critical
9.8