Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-19 | CVE-2019-10083 | Information Exposure vulnerability in Apache Nifi When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). | 5.3 |
| 2019-11-19 | CVE-2019-10080 | XXE vulnerability in Apache Nifi The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. | 6.5 |
| 2019-11-18 | CVE-2019-12422 | Unspecified vulnerability in Apache Shiro Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. | 7.5 |
| 2019-11-18 | CVE-2019-12409 | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Solr 8.1.1/8.2.0 The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. | 9.8 |
| 2019-11-18 | CVE-2019-10070 | Cross-site Scripting vulnerability in Apache Atlas 0.8.3/1.1.0 Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality | 6.1 |
| 2019-11-18 | CVE-2019-10172 | A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. | 7.5 |
| 2019-11-09 | CVE-2009-5004 | Improper Input Validation vulnerability in Apache Qpid-Cpp 1.0 qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use . | 6.5 |
| 2019-11-08 | CVE-2019-12410 | Missing Initialization of Resource vulnerability in Apache Arrow While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. | 7.5 |
| 2019-11-08 | CVE-2019-12408 | Missing Initialization of Resource vulnerability in Apache Arrow 0.14.0/0.14.1 It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. | 7.5 |
| 2019-11-06 | CVE-2019-12419 | Incorrect Authorization vulnerability in multiple products Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. | 9.8 |