Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-19 | CVE-2018-11762 | Path Traversal vulnerability in Apache Tika In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. | 5.9 |
| 2018-09-19 | CVE-2018-11761 | XXE vulnerability in multiple products In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. | 7.5 |
| 2018-09-18 | CVE-2018-11787 | Improper Authentication vulnerability in Apache Karaf In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. | 8.1 |
| 2018-09-18 | CVE-2018-11786 | Improper Privilege Management vulnerability in Apache Karaf In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. | 8.8 |
| 2018-09-17 | CVE-2018-8041 | Path Traversal vulnerability in Apache Camel Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. | 5.3 |
| 2018-09-17 | CVE-2018-11781 | Code Injection vulnerability in multiple products Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. | 7.8 |
| 2018-09-17 | CVE-2018-11780 | Code Injection vulnerability in multiple products A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. | 9.8 |
| 2018-09-17 | CVE-2017-15705 | Improper Input Validation vulnerability in multiple products A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. | 5.3 |
| 2018-09-13 | CVE-2018-1330 | Improper Input Validation vulnerability in Apache Mesos When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. | 7.5 |
| 2018-09-10 | CVE-2018-11775 | Improper Certificate Validation vulnerability in multiple products TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. | 7.4 |