Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-12 | CVE-2016-6808 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Tomcat JK Connector Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. | 9.8 |
| 2017-04-11 | CVE-2016-0779 | Deserialization of Untrusted Data vulnerability in Apache Tomee The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object. | 9.8 |
| 2017-04-11 | CVE-2016-6811 | Permissions, Privileges, and Access Controls vulnerability in Apache Hadoop In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
| 2017-04-07 | CVE-2016-6805 | XXE vulnerability in Apache Ignite Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents. | 5.9 |
| 2017-04-06 | CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. | 9.8 |
| 2017-04-06 | CVE-2016-6809 | Deserialization of Untrusted Data vulnerability in Apache Nutch and Tika Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. | 9.8 |
| 2017-04-04 | CVE-2017-5649 | Information Exposure vulnerability in Apache Geode 1.0.0/1.1.0 Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster. | 7.5 |
| 2017-04-03 | CVE-2017-5642 | Incorrect Default Permissions vulnerability in Apache Ambari 2.4.0/2.4.1/2.4.2 During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs. | 9.8 |
| 2017-03-29 | CVE-2016-4976 | Information Exposure vulnerability in Apache Ambari Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. | 5.5 |
| 2017-03-29 | CVE-2014-3582 | Code Injection vulnerability in Apache Ambari In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | 9.8 |