Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-14 | CVE-2017-12624 | Unspecified vulnerability in Apache CXF Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. | 5.5 |
| 2017-11-13 | CVE-2017-3166 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Hadoop In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file. | 7.8 |
| 2017-11-13 | CVE-2016-6803 | Untrusted Search Path vulnerability in Apache Openoffice An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. | 7.8 |
| 2017-11-01 | CVE-2017-12625 | Information Exposure vulnerability in Apache Hive Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. | 4.3 |
| 2017-10-30 | CVE-2014-0073 | Permissions, Privileges, and Access Controls vulnerability in Apache Cordova and Cordova In-App-Browser The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI. | 9.8 |
| 2017-10-30 | CVE-2014-0072 | Improper Input Validation vulnerability in Apache Cordova and Cordova File Transfer ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option. | 7.5 |
| 2017-10-30 | CVE-2013-4366 | Improper Input Validation vulnerability in Apache Httpclient 4.3 http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification. | 9.8 |
| 2017-10-30 | CVE-2012-5636 | Cross-site Scripting vulnerability in Apache Wicket Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response. | 6.1 |
| 2017-10-30 | CVE-2012-4449 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache Hadoop Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack. | 9.8 |
| 2017-10-30 | CVE-2014-0115 | Path Traversal vulnerability in Apache Storm 0.9.0.1 Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. | 7.5 |