Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-06 | CVE-2019-0200 | Unspecified vulnerability in Apache Qpid Broker-J A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). | 7.5 |
| 2019-03-06 | CVE-2019-0187 | Deserialization of Untrusted Data vulnerability in Apache Jmeter 4.0/5.0 Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). | 9.8 |
| 2019-03-05 | CVE-2018-11793 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Mesos When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. | 7.5 |
| 2019-02-27 | CVE-2018-20244 | Cross-site Scripting vulnerability in Apache Airflow In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 5.5 |
| 2019-02-11 | CVE-2018-20242 | Cross-site Scripting vulnerability in Apache Jspwiki A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking. | 6.1 |
| 2019-02-11 | CVE-2019-5736 | OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78 | 8.6 |
| 2019-02-07 | CVE-2018-1340 | Missing Encryption of Sensitive Data vulnerability in Apache Guacamole Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. | 7.5 |
| 2019-02-07 | CVE-2018-1296 | Information Exposure vulnerability in Apache Hadoop In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent. | 7.5 |
| 2019-02-05 | CVE-2018-11803 | Access of Uninitialized Pointer vulnerability in multiple products Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. | 7.5 |
| 2019-02-04 | CVE-2018-11760 | Unspecified vulnerability in Apache Spark When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. | 5.5 |