Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-03 | CVE-2018-8036 | Infinite Loop vulnerability in Apache Pdfbox In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. | 6.5 |
2018-07-02 | CVE-2018-8039 | Improper Handling of Exceptional Conditions vulnerability in multiple products It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. | 8.1 |
2018-06-28 | CVE-2018-8016 | Missing Authentication for Critical Function vulnerability in Apache Cassandra The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | 9.8 |
2018-06-27 | CVE-2018-1306 | Information Exposure vulnerability in Apache Pluto 3.0.0 The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. | 5.0 |
2018-06-27 | CVE-2018-8025 | Race Condition vulnerability in Apache Hbase CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. | 8.1 |
2018-06-20 | CVE-2018-8030 | Improper Input Validation vulnerability in Apache Qpid Broker-J A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). | 7.5 |
2018-06-18 | CVE-2018-1333 | Resource Exhaustion vulnerability in multiple products By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. | 7.5 |
2018-06-13 | CVE-2017-15695 | Incorrect Authorization vulnerability in Apache Geode When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. | 8.8 |
2018-06-08 | CVE-2018-1281 | Information Exposure vulnerability in Apache Mxnet The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. | 4.0 |
2018-06-05 | CVE-2018-8008 | Path Traversal vulnerability in Apache Storm Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. | 5.5 |