Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-19 | CVE-2021-27807 | Excessive Iteration vulnerability in multiple products A carefully crafted PDF file can trigger an infinite loop while loading the file. | 5.5 |
| 2021-03-16 | CVE-2020-1926 | Information Exposure Through Discrepancy vulnerability in Apache Hive Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. | 5.9 |
| 2021-03-10 | CVE-2020-13959 | Cross-site Scripting vulnerability in multiple products The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. | 6.1 |
| 2021-03-09 | CVE-2021-21295 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 5.9 |
| 2021-03-09 | CVE-2020-35451 | Race Condition vulnerability in Apache Oozie There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation. | 4.7 |
| 2021-03-05 | CVE-2021-27907 | Cross-site Scripting vulnerability in Apache Superset Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. | 5.4 |
| 2021-03-02 | CVE-2020-1936 | Cross-site Scripting vulnerability in Apache Ambari A cross-site scripting issue was found in Apache Ambari Views. | 6.1 |
| 2021-03-01 | CVE-2020-9479 | Path Traversal vulnerability in Apache Asterixdb When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. | 5.5 |
| 2021-02-26 | CVE-2020-27223 | Resource Exhaustion vulnerability in multiple products In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. | 5.3 |
| 2021-02-20 | CVE-2021-26544 | Cross-site Scripting vulnerability in Apache Livy 0.7.0Incubating Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. | 5.4 |