Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-07 | CVE-2018-11788 | XXE vulnerability in Apache Karaf Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. | 7.5 |
| 2019-01-02 | CVE-2018-17188 | Unspecified vulnerability in Apache Couchdb Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. | 7.2 |
| 2018-12-31 | CVE-2018-17191 | Unspecified vulnerability in Apache Netbeans 9.0 Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). | 9.8 |
| 2018-12-24 | CVE-2018-17197 | Infinite Loop vulnerability in Apache Tika A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. | 6.5 |
| 2018-12-19 | CVE-2018-11799 | Improper Input Validation vulnerability in Apache Oozie Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. | 6.5 |
| 2018-12-19 | CVE-2018-17195 | Cleartext Transmission of Sensitive Information vulnerability in Apache Nifi The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. | 5.1 |
| 2018-12-19 | CVE-2018-17194 | Improper Input Validation vulnerability in Apache Nifi When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. | 5.0 |
| 2018-12-19 | CVE-2018-17193 | Cross-site Scripting vulnerability in Apache Nifi The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. | 4.3 |
| 2018-12-19 | CVE-2018-17192 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache Nifi The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. | 4.3 |
| 2018-12-13 | CVE-2018-8033 | Information Exposure vulnerability in Apache Ofbiz In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. | 7.5 |