Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-25 | CVE-2020-17532 | Deserialization of Untrusted Data vulnerability in Apache Java Chassis. When the handler-router component is enabled in servicecomb-java-chassis, an authenticated user may inject some data and cause arbitrary code execution. | 8.8 |
2021-01-19 | CVE-2021-20190 | Deserialization of Untrusted Data vulnerability in multiple products. A flaw was found in jackson-databind before 2.9.10.7. | 8.1 |
2021-01-11 | CVE-2020-17534 | Race Condition vulnerability in Apache Html/Java API 1.7. There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. | 7.0 |
2021-01-11 | CVE-2020-17509 | HTTP Request Smuggling vulnerability in Apache Traffic Server. ATS negative cache option is vulnerable to a cache poisoning attack. | 7.5 |
2021-01-11 | CVE-2020-17508 | Unspecified vulnerability in Apache Traffic Server. The ATS ESI plugin has a memory disclosure vulnerability. | 7.5 |
2021-01-05 | CVE-2020-17519 | Files or Directories Accessible to External Parties vulnerability in Apache Flink 1.11.0/1.11.1/1.11.2. A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. | 7.5 |
2021-01-05 | CVE-2020-17518 | Path Traversal vulnerability in Apache Flink. Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. | 7.5 |
2020-12-29 | CVE-2020-17533 | Unchecked Return Value vulnerability in Apache Accumulo. Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. | 8.1 |
2020-12-21 | CVE-2020-17526 | Unspecified vulnerability in Apache Airflow. Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. | 7.7 |
2020-12-18 | CVE-2020-28052 | An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. | 8.1 |