Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-17 | CVE-2021-26697 | Improper Authentication vulnerability in Apache Airflow 2.0.0 The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. | 5.0 |
| 2021-02-17 | CVE-2021-26559 | Improper Privilege Management vulnerability in Apache Airflow 2.0.0 Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. | 4.0 |
| 2021-02-12 | CVE-2020-13949 | Resource Exhaustion vulnerability in Apache Thrift In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | 5.0 |
| 2021-02-08 | CVE-2020-13947 | Cross-Site Scripting vulnerability in Apache Activemq An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. | 4.3 |
| 2021-02-03 | CVE-2020-17523 | Incorrect Authorization vulnerability in Apache Shiro Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | 9.0 |
| 2021-02-03 | CVE-2020-17516 | Authentication Bypass BY Spoofing vulnerability in Apache Cassandra Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. | 4.3 |
| 2021-01-29 | CVE-2021-25646 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Druid Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. | 9.0 |
| 2021-01-27 | CVE-2021-26118 | Improper Authentication vulnerability in Apache Activemq Artemis 2.15.0 While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. | 5.0 |
| 2021-01-27 | CVE-2021-26117 | Improper Authentication vulnerability in Apache Activemq and Activemq Artemis The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. | 5.0 |
| 2021-01-26 | CVE-2020-9492 | Improper Privilege Management vulnerability in Apache Hadoop In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. | 6.5 |