Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-19 | CVE-2021-27906 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. | 5.5 |
| 2021-03-19 | CVE-2021-27807 | Excessive Iteration vulnerability in multiple products A carefully crafted PDF file can trigger an infinite loop while loading the file. | 5.5 |
| 2021-03-17 | CVE-2020-17525 | NULL Pointer Dereference vulnerability in multiple products Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. | 4.3 |
| 2021-03-17 | CVE-2020-13924 | Path Traversal vulnerability in Apache Ambari In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | 5.0 |
| 2021-03-16 | CVE-2020-1926 | Information Exposure Through Discrepancy vulnerability in Apache Hive Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. | 4.3 |
| 2021-03-15 | CVE-2021-27576 | Unspecified vulnerability in Apache Openmeetings If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. | 5.0 |
| 2021-03-10 | CVE-2020-13959 | Cross-site Scripting vulnerability in multiple products The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. | 6.1 |
| 2021-03-10 | CVE-2020-13936 | An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. | 8.8 |
| 2021-03-09 | CVE-2021-21295 | HTTP Request Smuggling vulnerability in multiple products Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 5.9 |
| 2021-03-09 | CVE-2020-35451 | Race Condition vulnerability in Apache Oozie There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation. | 4.7 |