Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-11995
PUBLISHED: 2021-01-11

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol; during Hessian2 deserializing the HashMap object, some functions in the classes stored in…

CVE-2020-13922
PUBLISHED: 2021-01-11

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.

CVE-2020-17508
PUBLISHED: 2021-01-11

The ESI plugin in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.11, and 8.0.0 to 8.1.0 has a memory disclosure vulnerability. If you are running the plugin, please upgrade to 7.1.12 or 8.1.1 or later.

CVE-2020-17509
PUBLISHED: 2021-01-11

The Apache Traffic Server negative cache option is vulnerable to a cache poisoning attack affecting versions 6.0.0 through 6.2.3, 7.0.0 through 7.1.10, and 8.0.0 through 8.0.7. If you have this option enabled, please upgrade or disable this feature.

CVE-2021-3118
PUBLISHED: 2021-01-11

** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the applicatio…