Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-01 | CVE-2020-13946 | Exposure of Resource to Wrong Sphere vulnerability in multiple products In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. | 5.9 |
| 2020-08-07 | CVE-2020-11985 | Insufficient Verification of Data Authenticity vulnerability in Apache Http Server IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. | 5.3 |
| 2020-07-20 | CVE-2020-13932 | Cross-site Scripting vulnerability in Apache Activemq Artemis In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. | 6.1 |
| 2020-07-17 | CVE-2020-9485 | Cross-site Scripting vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 6.1 |
| 2020-07-17 | CVE-2020-11983 | Cross-site Scripting vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 5.4 |
| 2020-07-15 | CVE-2020-9496 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz 17.12.03 XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 | 6.1 |
| 2020-07-15 | CVE-2020-13923 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Ofbiz IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04 | 5.3 |
| 2020-07-02 | CVE-2020-9498 | Out-of-bounds Write vulnerability in multiple products Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. | 6.7 |
| 2020-07-02 | CVE-2020-9497 | Improper Input Validation vulnerability in multiple products Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. | 4.4 |
| 2020-06-26 | CVE-2020-10727 | Insufficiently Protected Credentials vulnerability in multiple products A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. | 5.5 |