Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-09 | CVE-2021-38540 | Missing Authentication for Critical Function vulnerability in Apache Airflow The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. | 9.8 |
| 2021-09-09 | CVE-2021-36161 | Use of Externally-Controlled Format String vulnerability in Apache Dubbo Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. | 9.8 |
| 2021-09-09 | CVE-2021-37579 | Deserialization of Untrusted Data vulnerability in Apache Dubbo The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. | 9.8 |
| 2021-09-07 | CVE-2021-36162 | Unspecified vulnerability in Apache Dubbo Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). | 8.8 |
| 2021-09-07 | CVE-2021-36163 | Deserialization of Untrusted Data vulnerability in Apache Dubbo In Apache Dubbo, users may choose to use the Hessian protocol. | 9.8 |
| 2021-09-02 | CVE-2019-10095 | Command Injection vulnerability in Apache Zeppelin bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. | 9.8 |
| 2021-09-02 | CVE-2020-13929 | Unspecified vulnerability in Apache Zeppelin Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. | 7.5 |
| 2021-09-02 | CVE-2021-27578 | Cross-site Scripting vulnerability in Apache Zeppelin Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. | 6.1 |
| 2021-08-30 | CVE-2021-25958 | Information Exposure Through an Error Message vulnerability in Apache Ofbiz In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. | 7.5 |
| 2021-08-24 | CVE-2021-33191 | OS Command Injection vulnerability in Apache Nifi Minifi C++ 0.5.0/0.6.0/0.9.0 From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. | 9.8 |