High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-17	CVE-2020-13933	Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. network low complexity apache debian	7.5
2020-08-17	CVE-2020-13941	Improper Input Validation vulnerability in Apache Solr Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. network low complexity apache CWE-20	8.8
2020-08-11	CVE-2020-11976	Files or Directories Accessible to External Parties vulnerability in Apache Fortress and Wicket By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. network low complexity apache CWE-552	7.5
2020-08-07	CVE-2020-9490	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. network low complexity apache oracle opensuse debian fedoraproject canonical redhat CWE-444	7.5
2020-08-07	CVE-2020-11993	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. network low complexity apache netapp canonical opensuse debian fedoraproject oracle CWE-444	7.5
2020-07-17	CVE-2020-11978	OS Command Injection vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. network low complexity apache CWE-78	8.8
2020-07-14	CVE-2020-13935	Infinite Loop vulnerability in multiple products The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. network low complexity apache debian netapp opensuse canonical mcafee oracle CWE-835	7.5
2020-07-14	CVE-2020-13934	Memory Leak vulnerability in multiple products An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. network low complexity apache debian netapp opensuse canonical oracle CWE-401	7.5
2020-07-08	CVE-2020-11994	Injection vulnerability in multiple products Server-Side Template Injection and arbitrary file disclosure on Camel templating components network low complexity apache oracle CWE-74	7.5
2020-06-30	CVE-2020-9483	SQL Injection vulnerability in Apache Skywalking Resolved When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. network low complexity apache CWE-89	7.5