Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-11 | CVE-2019-0196 | Use After Free vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. | 5.3 |
| 2019-06-11 | CVE-2019-0220 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. | 5.3 |
| 2019-06-11 | CVE-2018-11801 | SQL Injection vulnerability in Apache Fineract SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table. | 9.8 |
| 2019-06-11 | CVE-2018-11800 | SQL Injection vulnerability in Apache Fineract SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table. | 9.8 |
| 2019-05-30 | CVE-2018-8029 | Unspecified vulnerability in Apache Hadoop In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
| 2019-05-28 | CVE-2019-0221 | Cross-site Scripting vulnerability in Apache Tomcat The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. | 6.1 |
| 2019-05-28 | CVE-2019-0188 | XXE vulnerability in multiple products Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. | 7.5 |
| 2019-05-28 | CVE-2018-17198 | Server-Side Request Forgery (SSRF) vulnerability in Apache Roller Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. | 9.8 |
| 2019-05-23 | CVE-2019-0201 | Missing Authorization vulnerability in multiple products An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. | 5.9 |
| 2019-05-20 | CVE-2019-10078 | Cross-site Scripting vulnerability in Apache Jspwiki A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. | 6.1 |