Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-15 | CVE-2020-11977 | Unspecified vulnerability in Apache Syncope In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution. | 7.2 |
| 2020-09-14 | CVE-2019-0233 | Improper Preservation of Permissions vulnerability in multiple products An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. | 7.5 |
| 2020-09-11 | CVE-2020-11991 | XXE vulnerability in Apache Cocoon When using the StreamGenerator, the code parse a user-provided XML. | 7.5 |
| 2020-08-17 | CVE-2020-13933 | Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. | 7.5 |
| 2020-08-17 | CVE-2020-13941 | Improper Input Validation vulnerability in Apache Solr Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. | 8.8 |
| 2020-08-11 | CVE-2020-11976 | Files or Directories Accessible to External Parties vulnerability in Apache Fortress and Wicket By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. | 7.5 |
| 2020-08-07 | CVE-2020-9490 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. | 7.5 |
| 2020-08-07 | CVE-2020-11993 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. | 7.5 |
| 2020-07-17 | CVE-2020-11978 | OS Command Injection vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 8.8 |
| 2020-07-14 | CVE-2020-13935 | Infinite Loop vulnerability in multiple products The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. | 7.5 |