Vulnerabilities > Apache > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-09-09 | CVE-2020-11986 | Unspecified vulnerability in Apache NetBeans | To be able to analyze Gradle projects, the build scripts need to be executed. | 9.8 |
2020-08-07 | CVE-2020-11984 | Classic Buffer Overflow vulnerability in multiple products | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | 9.8 |
2020-08-05 | CVE-2020-13921 | SQL Injection vulnerability in Apache SkyWalking | **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. | 9.8 |
2020-07-17 | CVE-2020-11982 | Deserialization of Untrusted Data vulnerability in Apache Airflow | An issue was found in Apache Airflow versions 1.10.10 and below. | 9.8 |
2020-07-17 | CVE-2020-11981 | OS Command Injection vulnerability in Apache Airflow | An issue was found in Apache Airflow versions 1.10.10 and below. | 9.8 |
2020-07-14 | CVE-2020-1948 | Deserialization of Untrusted Data vulnerability in Apache Dubbo | This vulnerability can affect all Dubbo users who stay on version 2.7.6 or lower. | 9.8 |
2020-07-14 | CVE-2020-13926 | SQL Injection vulnerability in Apache Kylin | Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by a certain REST API, which makes a SQL injection attack possible. | 9.8 |
2020-07-14 | CVE-2020-13925 | OS Command Injection vulnerability in Apache Kylin | Similar to CVE-2020-1956, Kylin has one more RESTful API which concatenates the API inputs into OS commands and then executes them on the server; the reported API misses necessary input validation, which makes it possible for hackers to execute OS commands remotely. | 9.8 |
2020-06-23 | CVE-2020-9480 | Missing Authentication for Critical Function vulnerability in multiple products | In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. | 9.8 |
2020-06-22 | CVE-2020-11989 | Unspecified vulnerability in Apache Shiro | In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | 9.8 |