Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-14 | CVE-2017-7676 | Improper Input Validation vulnerability in Apache Ranger Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. | 9.8 |
| 2017-06-14 | CVE-2016-8751 | Cross-site Scripting vulnerability in Apache Ranger Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. | 4.8 |
| 2017-06-14 | CVE-2016-8746 | Untrusted Search Path vulnerability in Apache Ranger Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true. | 5.9 |
| 2017-06-12 | CVE-2017-7667 | Origin Validation Error vulnerability in Apache Nifi Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. | 7.5 |
| 2017-06-12 | CVE-2017-7665 | Cross-site Scripting vulnerability in Apache Nifi In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient. | 6.1 |
| 2017-06-07 | CVE-2015-5175 | Improper Input Validation vulnerability in Apache CXF Fediz Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. | 7.5 |
| 2017-06-06 | CVE-2016-5004 | Resource Exhaustion vulnerability in Apache Ws-Xmlrpc 3.1.3 The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes. | 6.5 |
| 2017-06-06 | CVE-2017-5664 | Improper Handling of Exceptional Conditions vulnerability in Apache Tomcat The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. | 7.5 |
| 2017-06-05 | CVE-2017-7669 | Improper Input Validation vulnerability in Apache Hadoop 2.8.0/3.0.0 In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. | 7.5 |
| 2017-05-30 | CVE-2016-3083 | Improper Certificate Validation vulnerability in Apache Hive Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). | 7.5 |