Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-31 | CVE-2019-6111 | Path Traversal vulnerability in multiple products An issue was discovered in OpenSSH 7.9. | 5.9 |
| 2019-01-31 | CVE-2018-11790 | Incorrect Calculation vulnerability in multiple products When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. | 7.8 |
| 2019-01-30 | CVE-2019-0190 | A bug exists in the way mod_ssl handled client renegotiations. | 7.5 |
| 2019-01-30 | CVE-2018-17199 | Session Fixation vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. | 7.5 |
| 2019-01-30 | CVE-2018-17189 | Resource Exhaustion vulnerability in multiple products In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. | 5.3 |
| 2019-01-23 | CVE-2018-20245 | Improper Certificate Validation vulnerability in Apache Airflow The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. | 7.5 |
| 2019-01-23 | CVE-2017-17836 | Credentials Management vulnerability in Apache Airflow In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. | 9.8 |
| 2019-01-23 | CVE-2017-17835 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Airflow In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow. | 8.8 |
| 2019-01-23 | CVE-2017-15720 | Improper Input Validation vulnerability in Apache Airflow In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object. | 8.8 |
| 2019-01-09 | CVE-2018-1000421 | Server-Side Request Forgery (SSRF) vulnerability in Apache Mesos An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |