Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-14 | CVE-2020-11971 | Apache Camel's JMX is vulnerable to Rebind Flaw. | 7.5 |
| 2020-04-30 | CVE-2019-12425 | Injection vulnerability in Apache Ofbiz 17.12.01 Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host | 7.5 |
| 2020-04-30 | CVE-2019-0235 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Ofbiz 17.12.01 Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks. | 8.8 |
| 2020-04-27 | CVE-2020-9481 | Resource Exhaustion vulnerability in multiple products Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. | 7.5 |
| 2020-03-30 | CVE-2019-17561 | Improper Verification of Cryptographic Signature vulnerability in multiple products The "Apache NetBeans" autoupdate system does not fully validate code signatures. | 7.5 |
| 2020-03-16 | CVE-2019-10091 | Improper Certificate Validation vulnerability in Apache Geode 1.9.0 When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. | 7.4 |
| 2020-02-24 | CVE-2020-1937 | SQL Injection vulnerability in Apache Kylin Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries. | 8.8 |
| 2020-02-11 | CVE-2020-1942 | Information Exposure Through Log Files vulnerability in Apache Nifi In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. | 7.5 |
| 2020-02-11 | CVE-2020-5529 | Improper Initialization vulnerability in multiple products HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. | 8.1 |
| 2020-01-30 | CVE-2020-1931 | OS Command Injection vulnerability in Apache Spamassassin A command execution issue was found in Apache SpamAssassin prior to 3.4.3. | 8.1 |