Vulnerabilities > Apache > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-10 | CVE-2023-34442 | Unspecified vulnerability in Apache Camel. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel. This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1 | 3.3 |
2022-09-28 | CVE-2021-43980 | Race Condition vulnerability in multiple products. The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long-standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance, resulting in responses, or part responses, being received by the wrong client. | 3.7 |
2022-06-27 | CVE-2022-33879 | Unspecified vulnerability in Apache Tika. The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. | 3.3 |
2022-02-04 | CVE-2021-36151 | Information Exposure vulnerability in Apache Gobblin. In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. | 2.1 |
2021-10-18 | CVE-2021-32609 | Cross-site Scripting vulnerability in Apache Superset. Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. | 3.5 |
2021-04-01 | CVE-2021-28163 | Link Following vulnerability in multiple products. In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. | 2.7 |
2021-02-20 | CVE-2021-26544 | Cross-site Scripting vulnerability in Apache Livy 0.7.0-incubating. Livy server version 0.7.0-incubating (only) is vulnerable to a cross-site scripting issue in the session name. | 3.5 |
2020-12-01 | CVE-2020-11990 | Unspecified vulnerability in Apache Cordova 4.1.0. We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. | 2.1 |
2020-07-17 | CVE-2020-11983 | Cross-site Scripting vulnerability in Apache Airflow. An issue was found in Apache Airflow versions 1.10.10 and below. | 3.5 |
2020-06-26 | CVE-2020-10727 | Insufficiently Protected Credentials vulnerability in multiple products. A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. | 2.1 |