Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-30 | CVE-2019-0214 | Unspecified vulnerability in Apache Archiva In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. | 6.5 |
| 2019-04-30 | CVE-2019-0213 | Cross-site Scripting vulnerability in Apache Archiva In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. | 6.5 |
| 2019-04-30 | CVE-2019-0194 | Path Traversal vulnerability in Apache Camel Apache Camel's File is vulnerable to directory traversal. | 7.5 |
| 2019-04-26 | CVE-2019-0186 | Cross-site Scripting vulnerability in Apache Pluto 3.0.0/3.0.1 The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. | 6.1 |
| 2019-04-23 | CVE-2019-2684 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). | 5.9 |
| 2019-04-23 | CVE-2019-0223 | While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. | 7.4 |
| 2019-04-23 | CVE-2018-1328 | Cross-site Scripting vulnerability in Apache Zeppelin Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. | 6.1 |
| 2019-04-23 | CVE-2018-1317 | Improper Authentication vulnerability in Apache Zeppelin In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication. | 8.8 |
| 2019-04-23 | CVE-2017-12619 | Session Fixation vulnerability in Apache Zeppelin Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. | 8.1 |
| 2019-04-22 | CVE-2019-0218 | Cross-site Scripting vulnerability in Apache Pony Mail A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface. | 6.1 |