Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-18 | CVE-2019-10070 | Cross-site Scripting vulnerability in Apache Atlas 0.8.3/1.1.0 Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality | 6.1 |
| 2019-11-18 | CVE-2019-10172 | A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. | 7.5 |
| 2019-11-09 | CVE-2009-5004 | Improper Input Validation vulnerability in Apache Qpid-Cpp 1.0 qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use . | 6.5 |
| 2019-11-08 | CVE-2019-12410 | Missing Initialization of Resource vulnerability in Apache Arrow While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. | 7.5 |
| 2019-11-08 | CVE-2019-12408 | Missing Initialization of Resource vulnerability in Apache Arrow 0.14.0/0.14.1 It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. | 7.5 |
| 2019-11-06 | CVE-2019-12419 | Incorrect Authorization vulnerability in multiple products Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. | 9.8 |
| 2019-11-06 | CVE-2019-12406 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. | 6.5 |
| 2019-11-05 | CVE-2019-10084 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. | 7.5 |
| 2019-11-01 | CVE-2011-3923 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | 9.8 |
| 2019-10-30 | CVE-2019-12417 | Cross-site Scripting vulnerability in Apache Airflow A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 4.8 |