Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-13 | CVE-2017-15709 | Information Exposure vulnerability in Apache Activemq When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text. | 3.7 |
| 2018-02-13 | CVE-2018-1297 | Cleartext Transmission of Sensitive Information vulnerability in Apache Jmeter When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. | 9.8 |
| 2018-02-12 | CVE-2016-8742 | Permissions, Privileges, and Access Controls vulnerability in Apache Couchdb 2.0.0 The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. | 7.2 |
| 2018-02-12 | CVE-2016-5397 | Command Injection vulnerability in Apache Thrift The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. | 8.8 |
| 2018-02-09 | CVE-2018-1307 | XXE vulnerability in Apache Juddi In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. | 6.8 |
| 2018-02-09 | CVE-2018-1298 | Improper Input Validation vulnerability in Apache Qpid Broker-J 7.0.0 A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. | 5.9 |
| 2018-02-06 | CVE-2018-1299 | Path Traversal vulnerability in Apache Allura In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. | 7.5 |
| 2018-02-06 | CVE-2016-6813 | Unspecified vulnerability in Apache Cloudstack Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. | 9.8 |
| 2018-02-06 | CVE-2013-4317 | Information Exposure vulnerability in Apache Cloudstack 4.1.0/4.1.1 In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own. | 4.0 |
| 2018-02-01 | CVE-2017-3160 | Man in the Middle Security Bypass vulnerability in Apache Cordova For Android After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. network apache | 5.8 |