Drill

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-30	CVE-2019-14439	Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. network low complexity fasterxml debian fedoraproject apache redhat oracle CWE-502	7.5
2019-05-23	CVE-2019-0201	Missing Authorization vulnerability in multiple products An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. network high complexity apache debian redhat oracle netapp CWE-862	5.9
2019-04-22	CVE-2019-10241	Cross-site Scripting vulnerability in multiple products In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. network low complexity eclipse debian apache oracle CWE-79	6.1
2017-12-18	CVE-2017-12630	Cross-site Scripting vulnerability in Apache Drill In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. network low complexity apache CWE-79	5.4
2014-11-24	CVE-2010-5312	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. network low complexity debian jqueryui fedoraproject netapp apache drupal CWE-79	6.1