Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-07 | CVE-2021-36162 | Unspecified vulnerability in Apache Dubbo Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). | 6.5 |
2021-09-07 | CVE-2021-36163 | Deserialization of Untrusted Data vulnerability in Apache Dubbo In Apache Dubbo, users may choose to use the Hessian protocol. | 7.5 |
2021-09-02 | CVE-2019-10095 | Command Injection vulnerability in Apache Zeppelin bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. | 9.8 |
2021-09-02 | CVE-2020-13929 | Unspecified vulnerability in Apache Zeppelin Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. | 7.5 |
2021-09-02 | CVE-2021-27578 | Cross-site Scripting vulnerability in Apache Zeppelin Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. | 6.1 |
2021-08-30 | CVE-2021-25958 | Information Exposure Through an Error Message vulnerability in Apache Ofbiz In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. | 5.0 |
2021-08-24 | CVE-2021-33191 | OS Command Injection vulnerability in Apache Nifi Minifi C++ 0.5.0/0.6.0/0.9.0 From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. | 9.8 |
2021-08-23 | CVE-2021-35940 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). | 7.1 |
2021-08-18 | CVE-2021-33580 | Resource Exhaustion vulnerability in Apache Roller User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. | 4.3 |
2021-08-18 | CVE-2021-37608 | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Ofbiz Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. | 9.8 |