Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2019-06-11 CVE-2018-11800 SQL Injection vulnerability in Apache Fineract
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
network
low complexity
apache CWE-89
critical
9.8
2019-05-30 CVE-2018-8029 Unspecified vulnerability in Apache Hadoop
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to the yarn user can possibly run arbitrary commands as the root user.
network
low complexity
apache
8.8
2019-05-28 CVE-2019-0221 Cross-site Scripting vulnerability in Apache Tomcat
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user-provided data without escaping and is therefore vulnerable to XSS.
network
low complexity
apache CWE-79
6.1
2019-05-28 CVE-2019-0188 XXE vulnerability in multiple products
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library.
network
low complexity
oracle apache CWE-611
7.5
2019-05-28 CVE-2018-17198 Server-Side Request Forgery (SSRF) vulnerability in Apache Roller
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions. Roller relies on the Java SAX Parser to implement its XML-RPC interface, and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF and file enumeration.
network
low complexity
apache CWE-918
critical
9.8
2019-05-23 CVE-2019-0201 Missing Authorization vulnerability in multiple products
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta.
network
high complexity
apache debian redhat oracle netapp CWE-862
5.9
2019-05-20 CVE-2019-10078 Cross-site Scripting vulnerability in Apache Jspwiki
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
network
low complexity
apache CWE-79
6.1
2019-05-20 CVE-2019-10077 Cross-site Scripting vulnerability in Apache Jspwiki
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
network
low complexity
apache CWE-79
6.1
2019-05-20 CVE-2019-10076 Cross-site Scripting vulnerability in Apache Jspwiki
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
network
low complexity
apache CWE-79
6.1
2019-05-09 CVE-2019-0226 Path Traversal vulnerability in Apache Karaf
The Apache Karaf Config service provides an install method (via service or MBean) that could be used to traverse to any directory and overwrite existing files.
network
low complexity
apache CWE-22
4.9