Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-04 | CVE-2019-17555 | Improper Input Validation vulnerability in Apache Olingo The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. | 7.5 |
| 2019-12-03 | CVE-2016-1000104 | Improper Input Validation vulnerability in multiple products A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. | 8.8 |
| 2019-11-27 | CVE-2011-2177 | Unspecified vulnerability in Apache Openoffice 3.3.0 OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools. | 7.8 |
| 2019-11-26 | CVE-2011-3600 | XXE vulnerability in Apache Ofbiz The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. | 7.5 |
| 2019-11-19 | CVE-2019-12421 | Insufficient Session Expiration vulnerability in Apache Nifi When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. | 8.8 |
| 2019-11-18 | CVE-2019-12422 | Unspecified vulnerability in Apache Shiro Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. | 7.5 |
| 2019-11-18 | CVE-2019-10172 | XXE vulnerability in multiple products A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. | 7.5 |
| 2019-11-08 | CVE-2019-12410 | Missing Initialization of Resource vulnerability in Apache Arrow While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. | 7.5 |
| 2019-11-08 | CVE-2019-12408 | Missing Initialization of Resource vulnerability in Apache Arrow 0.14.0/0.14.1 It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. | 7.5 |
| 2019-11-05 | CVE-2019-10084 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. | 7.5 |