Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-13 | CVE-2019-9513 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. | 7.5 |
| 2019-08-13 | CVE-2019-9512 | Resource Exhaustion vulnerability in multiple products Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. | 7.5 |
| 2019-08-13 | CVE-2019-9511 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. | 7.5 |
| 2019-08-08 | CVE-2019-12397 | Cross-site Scripting vulnerability in Apache Ranger Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. | 6.1 |
| 2019-08-07 | CVE-2019-10099 | Cleartext Storage of Sensitive Information vulnerability in Apache Spark Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. | 7.5 |
| 2019-08-02 | CVE-2019-10094 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tika A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. | 7.8 |
| 2019-08-02 | CVE-2019-10093 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tika In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. | 6.5 |
| 2019-08-02 | CVE-2019-10088 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tika A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. | 8.8 |
| 2019-08-01 | CVE-2019-0193 | Code Injection vulnerability in multiple products In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. | 7.2 |
| 2019-08-01 | CVE-2015-7559 | Improper Input Validation vulnerability in multiple products It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. | 2.7 |