Download
| Alert*
|
CVE-2016-6815
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role. CVE-2018-11778 UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0 CVE-2015-0265 Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. |
