Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-19 | CVE-2021-39236 | Missing Authorization vulnerability in Apache Ozone In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. | 8.8 |
| 2021-11-19 | CVE-2021-41532 | Unspecified vulnerability in Apache Ozone In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. | 5.3 |
| 2021-11-17 | CVE-2021-42250 | Improper Encoding or Escaping of Output vulnerability in Apache Superset Improper output neutralization for Logs. | 6.5 |
| 2021-11-16 | CVE-2021-37580 | Improper Authentication vulnerability in Apache Shenyu 2.3.0/2.4.0 A flaw was found in Apache ShenYu Admin. | 9.8 |
| 2021-11-12 | CVE-2021-41972 | Unspecified vulnerability in Apache Superset Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. | 6.5 |
| 2021-11-11 | CVE-2021-43350 | Injection vulnerability in Apache Traffic Control An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter. | 9.8 |
| 2021-11-11 | CVE-2021-26558 | Deserialization of Untrusted Data vulnerability in Apache Shardingsphere-Ui 4.1.1 Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. | 7.5 |
| 2021-11-03 | CVE-2021-37147 | Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
| 2021-11-03 | CVE-2021-37148 | Improper Input Validation vulnerability in multiple products Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
| 2021-11-03 | CVE-2021-37149 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |