Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-16 | CVE-2020-1964 | Deserialization of Untrusted Data vulnerability in Apache Heron 0.20.0Incubating/0.20.1Incubating/0.20.2Incubating It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data). | 9.8 |
| 2020-04-02 | CVE-2020-1927 | Open Redirect vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | 6.1 |
| 2020-04-01 | CVE-2020-1958 | Injection vulnerability in Apache Druid 0.17.0 When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. | 6.5 |
| 2020-04-01 | CVE-2019-17564 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. | 9.8 |
| 2020-04-01 | CVE-2018-11802 | Incorrect Authorization vulnerability in Apache Solr In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. | 4.3 |
| 2020-04-01 | CVE-2020-1954 | Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. | 5.3 |
| 2020-04-01 | CVE-2020-1934 | Use of Uninitialized Resource vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | 5.3 |
| 2020-04-01 | CVE-2020-1949 | Cross-site Scripting vulnerability in Apache Sling CMS Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks. | 6.1 |
| 2020-04-01 | CVE-2020-1943 | Cross-site Scripting vulnerability in Apache Ofbiz Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. | 6.1 |
| 2020-03-30 | CVE-2019-17561 | Improper Verification of Cryptographic Signature vulnerability in multiple products The "Apache NetBeans" autoupdate system does not fully validate code signatures. | 7.5 |