Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-28 | CVE-2019-0222 | In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. | 7.5 |
| 2019-03-28 | CVE-2019-0212 | Unspecified vulnerability in Apache Hbase In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. | 7.5 |
| 2019-03-28 | CVE-2019-0224 | Cross-site Scripting vulnerability in Apache Jspwiki In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. | 6.1 |
| 2019-03-25 | CVE-2019-0204 | A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. | 7.8 |
| 2019-03-21 | CVE-2019-0191 | Path Traversal vulnerability in Apache Karaf Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. | 6.5 |
| 2019-03-21 | CVE-2018-11789 | Path Traversal vulnerability in Apache Heron When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. | 7.5 |
| 2019-03-21 | CVE-2018-11767 | Improper Privilege Management vulnerability in Apache Hadoop In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms. | 7.4 |
| 2019-03-08 | CVE-2017-3164 | Server-Side Request Forgery (SSRF) vulnerability in Apache Solr Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). | 7.5 |
| 2019-03-07 | CVE-2019-0192 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. | 9.8 |
| 2019-03-07 | CVE-2018-11783 | Information Exposure vulnerability in Apache Traffic Server sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. | 7.5 |