Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2019-11-27 CVE-2011-2177 Unspecified vulnerability in Apache Openoffice 3.3.0
OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.
network
apache
6.8
2019-11-26 CVE-2011-3600 XXE vulnerability in Apache Ofbiz
The /webtools/control/xmlrpc endpoint in the OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that disclose the contents of files in the filesystem.
network
low complexity
apache CWE-611
7.5
2019-11-19 CVE-2019-12421 Insufficient Session Expiration vulnerability in Apache Nifi
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side.
network
low complexity
apache CWE-613
8.8
2019-11-19 CVE-2019-10083 Information Exposure vulnerability in Apache Nifi
When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the topmost level, not recursively).
network
low complexity
apache CWE-200
5.3
2019-11-19 CVE-2019-10080 XXE vulnerability in Apache Nifi
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file.
network
low complexity
apache CWE-611
6.5
2019-11-18 CVE-2019-12422 Unspecified vulnerability in Apache Shiro
In Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
network
low complexity
apache
7.5
2019-11-18 CVE-2019-12409 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Solr 8.1.1/8.2.0
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr.
network
low complexity
apache CWE-434
critical
9.8
2019-11-18 CVE-2019-10070 Cross-site Scripting vulnerability in Apache Atlas 0.8.3/1.1.0
Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality.
network
low complexity
apache CWE-79
6.1
2019-11-18 CVE-2019-10172 XXE vulnerability in multiple products
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries.
network
low complexity
fasterxml redhat debian apache CWE-611
7.5
2019-11-09 CVE-2009-5004 Improper Input Validation vulnerability in Apache Qpid-Cpp 1.0
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use.
network
low complexity
apache CWE-20
4.0