Vulnerabilities > Apache

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-21	CVE-2018-14889	Improper Input Validation vulnerability in Apache Couchdb CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability. local low complexity apache vectra CWE-20	4.6
2018-09-21	CVE-2018-8023	Information Exposure vulnerability in Apache Mesos Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). network high complexity apache CWE-200	5.9
2018-09-19	CVE-2018-8017	Infinite Loop vulnerability in Apache Tika In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. local low complexity apache CWE-835	5.5
2018-09-19	CVE-2018-11762	Path Traversal vulnerability in Apache Tika In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. network high complexity apache CWE-22	5.9
2018-09-19	CVE-2018-11761	XXE vulnerability in multiple products In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. network low complexity apache oracle CWE-611	7.5
2018-09-18	CVE-2018-11787	Improper Authentication vulnerability in Apache Karaf In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. network high complexity apache CWE-287	8.1
2018-09-18	CVE-2018-11786	Improper Privilege Management vulnerability in Apache Karaf In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. network low complexity apache CWE-269	8.8
2018-09-17	CVE-2018-8041	Path Traversal vulnerability in Apache Camel Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. network low complexity apache CWE-22	5.3
2018-09-17	CVE-2018-11781	Code Injection vulnerability in multiple products Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. local low complexity apache redhat debian canonical CWE-94	7.8
2018-09-17	CVE-2018-11780	Code Injection vulnerability in multiple products A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. network low complexity apache pdfinfo-project debian canonical CWE-94 critical	9.8

Vulnerabilities > Apache {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Apache"}]}

Vulnerabilities > Apache