Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-01 | CVE-2016-3094 | Improper Input Validation vulnerability in Apache Qpid Broker-J 6.0.0/6.0.1/6.0.2 PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception. | 5.9 |
| 2016-06-01 | CVE-2016-3088 | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Activemq The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. | 9.8 |
| 2016-06-01 | CVE-2016-2175 | Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. | 7.8 |
| 2016-05-18 | CVE-2016-0731 | Improper Access Control vulnerability in Apache Ambari The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | 4.9 |
| 2016-05-18 | CVE-2016-0707 | Permissions, Privileges, and Access Controls vulnerability in Apache Ambari The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories. | 3.3 |
| 2016-05-13 | CVE-2016-2099 | Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. | 9.8 |
| 2016-05-09 | CVE-2015-5208 | Improper Input Validation vulnerability in Apache Cordova Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. | 4.4 |
| 2016-05-09 | CVE-2015-5207 | Improper Access Control vulnerability in Apache Cordova Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods. | 5.3 |
| 2016-05-05 | CVE-2016-2168 | Unspecified vulnerability in Apache Subversion The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. | 6.5 |
| 2016-05-05 | CVE-2016-2167 | Improper Access Control vulnerability in Apache Subversion The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. | 6.8 |