Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-09 | CVE-2018-1000420 | Incorrect Authorization vulnerability in Apache Mesos: An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credential IDs for credentials stored in Jenkins. | 6.5 |
2019-01-07 | CVE-2018-1320 | Improper Certificate Validation vulnerability in multiple products: Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. | 7.5 |
2019-01-07 | CVE-2018-11798 | File and Directory Information Exposure vulnerability in Apache Thrift: The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 has been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set web server's docroot path. | 6.5 |
2019-01-07 | CVE-2018-11788 | XXE vulnerability in Apache Karaf: Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. | 9.8 |
2019-01-02 | CVE-2018-17188 | Unspecified vulnerability in Apache CouchDB: Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. | 7.2 |
2018-12-31 | CVE-2018-17191 | Unspecified vulnerability in Apache NetBeans 9.0: Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable to remote command execution (RCE). | 9.8 |
2018-12-24 | CVE-2018-17197 | Infinite Loop vulnerability in Apache Tika: A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. | 6.5 |
2018-12-19 | CVE-2018-11799 | Improper Input Validation vulnerability in Apache Oozie: Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. | 6.5 |
2018-12-19 | CVE-2018-17195 | Incorrect Authorization vulnerability in Apache NiFi: The template upload API endpoint accepted requests from a different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. | 7.5 |
2018-12-19 | CVE-2018-17194 | Improper Input Validation vulnerability in Apache NiFi: When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. | 7.5 |