Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-03 | CVE-2020-17523 | Improper Authentication vulnerability in Apache Shiro Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | 9.8 |
| 2021-01-25 | CVE-2021-23901 | XXE vulnerability in multiple products An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. | 9.1 |
| 2021-01-14 | CVE-2021-23926 | XML Entity Expansion vulnerability in multiple products The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. | 9.1 |
| 2021-01-11 | CVE-2020-11995 | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. | 9.8 |
| 2020-12-18 | CVE-2020-11974 | Unspecified vulnerability in Apache Dolphinscheduler 1.2.0/1.2.1 In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. | 9.8 |
| 2020-12-18 | CVE-2020-13931 | Unspecified vulnerability in Apache Tomee If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. | 9.8 |
| 2020-12-11 | CVE-2020-17530 | Expression Language Injection vulnerability in multiple products Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | 9.8 |
| 2020-12-09 | CVE-2020-17529 | Out-of-bounds Write vulnerability in Apache Nuttx Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. | 9.8 |
| 2020-12-09 | CVE-2020-17528 | Out-of-bounds Write vulnerability in Apache Nuttx Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet. | 9.1 |
| 2020-12-08 | CVE-2020-17531 | Deserialization of Untrusted Data vulnerability in Apache Tapestry A Java Serialization vulnerability was found in Apache Tapestry 4. | 9.8 |