Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-06-03 CVE-2020-1963 Missing Authorization vulnerability in Apache Ignite
Apache Ignite uses H2 database to build SQL distributed execution engine.
network
low complexity
apache CWE-862
critical
9.1
2020-05-21 CVE-2018-21234 Deserialization of Untrusted Data vulnerability in multiple products
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.
network
low complexity
jodd apache CWE-502
critical
9.8
2020-05-20 CVE-2020-1955 Missing Authentication for Critical Function vulnerability in Apache Couchdb 3.0.0
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`.
network
low complexity
apache CWE-306
critical
9.8
2020-05-14 CVE-2020-11973 Deserialization of Untrusted Data vulnerability in multiple products
Apache Camel Netty enables Java deserialization by default.
network
low complexity
apache oracle CWE-502
critical
9.8
2020-05-14 CVE-2020-11972 Deserialization of Untrusted Data vulnerability in multiple products
Apache Camel RabbitMQ enables Java deserialization by default.
network
low complexity
apache oracle CWE-502
critical
9.8
2020-05-14 CVE-2019-17562 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Cloudstack
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack.
network
low complexity
apache CWE-119
critical
9.8
2020-05-12 CVE-2020-1939 NULL Pointer Dereference vulnerability in Apache Nuttx
The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs.
network
low complexity
apache CWE-476
critical
9.8
2020-05-11 CVE-2018-1285 XXE vulnerability in multiple products
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files.
network
low complexity
apache fedoraproject oracle netapp CWE-611
critical
9.8
2020-05-04 CVE-2020-1961 Injection vulnerability in Apache Syncope
Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered.
network
low complexity
apache CWE-74
critical
9.8
2020-05-04 CVE-2020-1959 Expression Language Injection vulnerability in Apache Syncope
A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability.
network
low complexity
apache CWE-917
critical
9.8