Vulnerabilities > Apache > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-27 | CVE-2020-1952 | Improper Certificate Validation vulnerability in Apache Iotdb An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. | 9.8 |
2020-04-16 | CVE-2020-1964 | Deserialization of Untrusted Data vulnerability in Apache Heron 0.20.0Incubating/0.20.1Incubating/0.20.2Incubating It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data). | 9.8 |
2020-04-01 | CVE-2019-17564 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. | 9.8 |
2020-03-30 | CVE-2019-17560 | Improper Certificate Validation vulnerability in multiple products The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. | 9.1 |
2020-03-25 | CVE-2020-1957 | Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | 9.8 |
2020-03-23 | CVE-2020-1944 | HTTP Request Smuggling vulnerability in multiple products There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. | 9.8 |
2020-03-23 | CVE-2019-17565 | HTTP Request Smuggling vulnerability in multiple products There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. | 9.8 |
2020-03-23 | CVE-2019-17559 | HTTP Request Smuggling vulnerability in multiple products There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. | 9.8 |
2020-03-13 | CVE-2020-1953 | Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. | 10.0 |
2020-03-11 | CVE-2020-1947 | Deserialization of Untrusted Data vulnerability in Apache Shardingsphere 4.0.0 In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. | 9.8 |