Vulnerabilities > Apache > Ranger > 0.7.0

DATE CVE VULNERABILITY TITLE RISK
2019-08-08 CVE-2019-12397 Cross-site Scripting vulnerability in Apache Ranger
Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue.
network
low complexity
apache CWE-79
6.1
6.1
2018-10-05 CVE-2018-11778 Out-of-bounds Write vulnerability in Apache Ranger
UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow.
network
low complexity
apache CWE-787
8.8
8.8
2017-06-14 CVE-2017-7677 Missing Authorization vulnerability in Apache Ranger
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.
network
apache CWE-862
4.3
4.3
2017-06-14 CVE-2017-7676 Improper Input Validation vulnerability in Apache Ranger
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt.
network
low complexity
apache CWE-20
7.5
7.5