Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-19 | CVE-2018-17193 | Cross-site Scripting vulnerability in Apache Nifi The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. | 6.1 |
| 2018-12-19 | CVE-2018-17192 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache Nifi The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. | 6.5 |
| 2018-12-13 | CVE-2018-8033 | Information Exposure vulnerability in Apache Ofbiz In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. | 7.5 |
| 2018-11-27 | CVE-2018-11766 | Unspecified vulnerability in Apache Hadoop 2.7.4/2.7.5/2.7.6 In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. | 8.8 |
| 2018-11-19 | CVE-2018-17190 | Unspecified vulnerability in Apache Spark In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. | 9.8 |
| 2018-11-13 | CVE-2018-8009 | Path Traversal vulnerability in Apache Hadoop Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. | 8.8 |
| 2018-11-13 | CVE-2018-17187 | Improper Certificate Validation vulnerability in Apache Qpid Proton-J The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. | 7.4 |
| 2018-11-08 | CVE-2018-1314 | Missing Authorization vulnerability in Apache Hive In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. | 4.3 |
| 2018-11-08 | CVE-2018-11777 | Unspecified vulnerability in Apache Hive In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use. | 8.1 |
| 2018-11-07 | CVE-2018-8021 | Deserialization of Untrusted Data vulnerability in Apache Superset Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. | 9.8 |