Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-27 | CVE-2018-1306 | Information Exposure vulnerability in Apache Pluto 3.0.0: The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. | 7.5 |
2018-06-27 | CVE-2018-8025 | Race Condition vulnerability in Apache HBase: CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. | 8.1 |
2018-06-20 | CVE-2018-8030 | Improper Input Validation vulnerability in Apache Qpid Broker-J: A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with a size greater than the allowed maximum message size limit (100MB by default). | 7.5 |
2018-06-18 | CVE-2018-1333 | Resource Exhaustion vulnerability in multiple products: By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. | 7.5 |
2018-06-13 | CVE-2017-15695 | Incorrect Authorization vulnerability in Apache Geode: When an Apache Geode server (versions 1.0.0 to 1.4.0) is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. | 8.8 |
2018-06-08 | CVE-2018-1281 | Information Exposure vulnerability in Apache MXNet: The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. | 6.5 |
2018-06-05 | CVE-2018-8008 | Path Traversal vulnerability in Apache Storm: Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. | 5.5 |
2018-06-05 | CVE-2018-1332 | Information Exposure vulnerability in Apache Storm: Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons. | 6.5 |
2018-05-24 | CVE-2018-8013 | Deserialization of Untrusted Data vulnerability in multiple products: In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. | 9.8 |
2018-05-23 | CVE-2018-1310 | Deserialization of Untrusted Data vulnerability in Apache NiFi: Apache NiFi JMS Deserialization issue because of an ActiveMQ client vulnerability. | 7.5 |