Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-08 CVE-2019-12408 Missing Initialization of Resource vulnerability in Apache Arrow 0.14.0/0.14.1
It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null values in some cases.
network
low complexity
apache CWE-909
7.5
2019-11-05 CVE-2019-10084 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala
In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms.
network
high complexity
apache CWE-732
7.5
2019-10-29 CVE-2019-0210 Out-of-bounds Read vulnerability in multiple products
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data.
network
low complexity
apache redhat oracle CWE-125
7.5
2019-10-29 CVE-2019-0205 Infinite Loop vulnerability in multiple products
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data.
network
low complexity
apache redhat oracle CWE-835
7.5
2019-10-29 CVE-2012-2945 Link Following vulnerability in Apache Hadoop 1.0.3
Hadoop 1.0.3 contains a symlink vulnerability.
network
low complexity
apache CWE-59
7.5
2019-10-22 CVE-2019-10079 Allocation of Resources Without Limits or Throttling vulnerability in Apache Traffic Server
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks.
network
low complexity
apache CWE-770
7.5
2019-10-08 CVE-2019-17359 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data.
network
low complexity
bouncycastle apache netapp oracle CWE-770
7.5
2019-10-04 CVE-2018-11768 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Hadoop
In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.
network
low complexity
apache CWE-119
7.5
2019-10-01 CVE-2019-0231 Cleartext Transmission of Sensitive Information vulnerability in Apache Mina 2.0.20/2.1.1
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to keep the socket open and the client to potentially receive clear text messages afterward.
network
low complexity
apache CWE-319
7.5
2019-09-26 CVE-2019-10097 NULL Pointer Dereference vulnerability in multiple products
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference.
network
low complexity
apache oracle CWE-476
7.2