Vulnerabilities > Apache

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-09-07 | CVE-2021-36163 | Deserialization of Untrusted Data vulnerability in Apache Dubbo | In Apache Dubbo, users may choose to use the Hessian protocol. | network, low complexity, apache, CWE-502, 7.5 |
| 2021-09-07 | CVE-2021-36162 | Unspecified vulnerability in Apache Dubbo | Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). | network, low complexity, apache, 6.5 |
| 2021-09-02 | CVE-2021-27578 | Cross-site Scripting vulnerability in Apache Zeppelin | Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. | network, apache, CWE-79, 4.3 |
| 2021-09-02 | CVE-2020-13929 | Improper Authentication vulnerability in Apache Zeppelin | Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. | network, low complexity, apache, CWE-287, 5.0 |
| 2021-09-02 | CVE-2019-10095 | Command Injection vulnerability in Apache Zeppelin | Bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. | network, low complexity, apache, CWE-77, critical, 10.0 |
| 2021-08-30 | CVE-2021-25958 | Information Exposure Through an Error Message vulnerability in Apache Ofbiz | In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leak out sensitive table info which may aid the attacker for further recon. | network, low complexity, apache, CWE-209, 5.0 |
| 2021-08-24 | CVE-2021-33191 | OS Command Injection vulnerability in Apache Nifi Minifi C++ 0.5.0/0.6.0/0.9.0 | From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. | network, low complexity, apache, CWE-78, 7.5 |
| 2021-08-23 | CVE-2021-35940 | Out-of-bounds Read vulnerability in Apache Portable Runtime | An out-of-bounds array read in the `apr_time_exp*()` functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). | local, low complexity, apache, CWE-125, 3.6 |
| 2021-08-18 | CVE-2021-37608 | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Ofbiz | Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. | network, low complexity, apache, CWE-434, 7.5 |
| 2021-08-18 | CVE-2021-33580 | Resource Exhaustion vulnerability in Apache Roller | User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. | network, apache, CWE-400, 4.3 |