Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-29 | CVE-2017-3155 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. | 6.1 |
| 2017-08-29 | CVE-2017-3154 | Information Exposure vulnerability in Apache Atlas 0.6.0/0.7.0 Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. | 7.5 |
| 2017-08-29 | CVE-2017-3153 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. | 6.1 |
| 2017-08-29 | CVE-2017-3152 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. | 6.1 |
| 2017-08-29 | CVE-2017-3151 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. | 6.1 |
| 2017-08-29 | CVE-2017-3150 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. | 6.1 |
| 2017-08-29 | CVE-2016-8752 | Improper Access Control vulnerability in Apache Atlas 0.6.0/0.7.0/0.7.1 Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. | 7.5 |
| 2017-08-29 | CVE-2015-5209 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. | 7.5 |
| 2017-08-22 | CVE-2016-4460 | Improper Authentication vulnerability in Apache Pony Mail 0.6C/0.7B/0.8B Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | 9.8 |
| 2017-08-14 | CVE-2017-9802 | Cross-site Scripting vulnerability in Apache Sling Servlets Post 2.3.20 The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings. | 6.1 |