Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-17 | CVE-2020-13924 | Path Traversal vulnerability in Apache Ambari: In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | 7.5 |
2021-03-16 | CVE-2020-1926 | Information Exposure Through Discrepancy vulnerability in Apache Hive: Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. | 5.9 |
2021-03-15 | CVE-2021-27576 | Unspecified vulnerability in Apache Openmeetings: It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. | 7.5 |
2021-03-10 | CVE-2020-13959 | Cross-site Scripting vulnerability in multiple products: The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. | 6.1 |
2021-03-10 | CVE-2020-13936 | An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. | 8.8 |
2021-03-09 | CVE-2021-21295 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 5.9 |
2021-03-09 | CVE-2020-35451 | Race Condition vulnerability in Apache Oozie: There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during its creation. | 4.7 |
2021-03-05 | CVE-2021-27907 | Cross-site Scripting vulnerability in Apache Superset: Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. | 5.4 |
2021-03-02 | CVE-2020-1936 | Cross-site Scripting vulnerability in Apache Ambari: A cross-site scripting issue was found in Apache Ambari Views. | 6.1 |
2021-03-01 | CVE-2020-9479 | Path Traversal vulnerability in Apache Asterixdb: When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. | 5.5 |