Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-10 | CVE-2018-8006 | Cross-site Scripting vulnerability in Apache ActiveMQ: An instance of a cross-site scripting vulnerability was identified to be present in the web-based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. | 6.1 |
2018-10-09 | CVE-2018-11796 | XXE vulnerability in Apache Tika: In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. | 7.5 |
2018-10-05 | CVE-2018-11797 | In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. | 5.5 |
2018-10-05 | CVE-2018-11778 | Out-of-bounds Write vulnerability in Apache Ranger: UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. | 8.8 |
2018-10-04 | CVE-2017-5658 | Information Exposure vulnerability in Apache Pony Mail: The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. | 5.3 |
2018-10-04 | CVE-2018-11784 | Open Redirect vulnerability in multiple products: When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. | 4.3 |
2018-09-25 | CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. | 5.9 |
2018-09-21 | CVE-2018-14889 | Improper Input Validation vulnerability in Apache CouchDB: CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability. | 7.8 |
2018-09-21 | CVE-2018-8023 | Information Exposure vulnerability in Apache Mesos: Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). | 5.9 |
2018-09-19 | CVE-2018-8017 | Infinite Loop vulnerability in Apache Tika: In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. | 5.5 |