Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-06 | CVE-2018-17202 | Infinite Loop vulnerability in Apache Commons Imaging 0.97 Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. | 7.5 |
| 2019-05-06 | CVE-2018-17201 | Unspecified vulnerability in Apache Commons Imaging 0.97 Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. | 7.5 |
| 2019-05-01 | CVE-2019-0227 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. | 7.5 |
| 2019-05-01 | CVE-2018-8035 | Cross-site Scripting vulnerability in Apache Uimaducc This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code. | 6.1 |
| 2019-04-30 | CVE-2019-0214 | Unspecified vulnerability in Apache Archiva In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. | 6.5 |
| 2019-04-30 | CVE-2019-0213 | Cross-site Scripting vulnerability in Apache Archiva In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. | 6.5 |
| 2019-04-30 | CVE-2019-0194 | Path Traversal vulnerability in Apache Camel Apache Camel's File is vulnerable to directory traversal. | 7.5 |
| 2019-04-26 | CVE-2019-0186 | Cross-site Scripting vulnerability in Apache Pluto 3.0.0/3.0.1 The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. | 6.1 |
| 2019-04-23 | CVE-2019-2684 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). | 5.9 |
| 2019-04-23 | CVE-2019-0223 | While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. | 7.4 |