Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-12-09 CVE-2020-17528 Out-of-bounds Write vulnerability in Apache Nuttx
Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.
network
low complexity
apache CWE-787
critical
9.1
2020-12-08 CVE-2020-17531 Unspecified vulnerability in Apache Tapestry
A Java Serialization vulnerability was found in Apache Tapestry 4.
network
low complexity
apache
critical
9.8
2020-11-24 CVE-2020-13942 Injection vulnerability in Apache Unomi 1.5.0/1.5.1
It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint.
network
low complexity
apache CWE-74
critical
9.8
2020-11-10 CVE-2020-13927 Insecure Default Initialization of Resource vulnerability in Apache Airflow
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact.
network
low complexity
apache CWE-1188
critical
9.8
2020-11-05 CVE-2020-17510 Improper Authentication vulnerability in multiple products
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
network
low complexity
apache debian CWE-287
critical
9.8
2020-10-13 CVE-2020-13957 Incorrect Authorization vulnerability in Apache Solr
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization.
network
low complexity
apache CWE-863
critical
9.8
2020-09-14 CVE-2019-0230 Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
network
low complexity
apache oracle
critical
9.8
2020-09-10 CVE-2020-11998 A regression has been introduced in the commit preventing JMX re-bind.
network
low complexity
apache oracle
critical
9.8
2020-09-09 CVE-2020-11986 Unspecified vulnerability in Apache Netbeans
To be able to analyze gradle projects, the build scripts need to be executed.
network
low complexity
apache
critical
9.8
2020-08-07 CVE-2020-11984 Classic Buffer Overflow vulnerability in multiple products
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
network
low complexity
apache netapp canonical debian fedoraproject opensuse oracle CWE-120
critical
9.8