Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-13 | CVE-2018-17187 | Improper Certificate Validation vulnerability in Apache Qpid Proton-J The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. | 7.4 |
| 2018-11-08 | CVE-2018-1314 | Missing Authorization vulnerability in Apache Hive In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. | 4.3 |
| 2018-11-08 | CVE-2018-11777 | Unspecified vulnerability in Apache Hive In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use. | 8.1 |
| 2018-11-07 | CVE-2018-8021 | Deserialization of Untrusted Data vulnerability in Apache Superset Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. | 9.8 |
| 2018-11-06 | CVE-2018-17186 | XXE vulnerability in Apache Syncope An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. | 7.2 |
| 2018-11-06 | CVE-2018-17184 | Cross-site Scripting vulnerability in Apache Syncope A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. | 5.4 |
| 2018-10-31 | CVE-2018-11759 | Path Traversal vulnerability in multiple products The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. | 7.5 |
| 2018-10-24 | CVE-2018-11792 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. | 9.8 |
| 2018-10-24 | CVE-2018-11785 | Missing Authorization vulnerability in Apache Impala Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. | 6.5 |
| 2018-10-24 | CVE-2018-11804 | Unspecified vulnerability in Apache Spark Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. | 7.5 |