Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-13 | CVE-2021-29262 | Insufficiently Protected Credentials vulnerability in Apache Solr When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. | 7.5 |
| 2021-04-02 | CVE-2021-22696 | Server-Side Request Forgery (SSRF) vulnerability in multiple products CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). | 7.5 |
| 2021-03-30 | CVE-2021-26919 | Unspecified vulnerability in Apache Druid Apache Druid allows users to read data from other database systems using JDBC. | 8.8 |
| 2021-03-17 | CVE-2020-17525 | NULL Pointer Dereference vulnerability in multiple products Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. | 7.5 |
| 2021-03-17 | CVE-2020-13924 | Path Traversal vulnerability in Apache Ambari In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | 7.5 |
| 2021-03-15 | CVE-2021-27576 | Unspecified vulnerability in Apache Openmeetings If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. | 7.5 |
| 2021-03-10 | CVE-2020-13936 | An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. | 8.8 |
| 2021-03-01 | CVE-2021-25329 | The fix for CVE-2020-9484 was incomplete. | 7.0 |
| 2021-03-01 | CVE-2021-25122 | Information Exposure vulnerability in multiple products When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. | 7.5 |
| 2021-02-24 | CVE-2020-11988 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. | 8.2 |