Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-17 | CVE-2021-26697 | Missing Authentication for Critical Function vulnerability in Apache Airflow 2.0.0: The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. | 5.3 |
2021-02-17 | CVE-2021-26559 | Unspecified vulnerability in Apache Airflow 2.0.0: Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. | 6.5 |
2021-02-16 | CVE-2021-21315 | OS Command Injection vulnerability in multiple products: The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. | 7.8 |
2021-02-12 | CVE-2020-13949 | Resource Exhaustion vulnerability in multiple products: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | 7.5 |
2021-02-08 | CVE-2020-13947 | Cross-site Scripting vulnerability in multiple products: An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. | 6.1 |
2021-02-03 | CVE-2020-17523 | Improper Authentication vulnerability in Apache Shiro: Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | 9.8 |
2021-02-03 | CVE-2020-17516 | Authentication Bypass by Spoofing vulnerability in Apache Cassandra: Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. | 7.5 |
2021-01-29 | CVE-2021-25646 | Unspecified vulnerability in Apache Druid 0.4.8: Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. | 8.8 |
2021-01-27 | CVE-2021-26118 | While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. | 7.5 |
2021-01-27 | CVE-2021-26117 | Improper Authentication vulnerability in multiple products: The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. | 7.5 |