Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-08 | CVE-2019-12408 | Missing Initialization of Resource vulnerability in Apache Arrow 0.14.0/0.14.1 It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. | 7.5 |
2019-11-05 | CVE-2019-10084 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. | 7.5 |
2019-10-29 | CVE-2019-0210 | Out-of-bounds Read vulnerability in multiple products In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. | 7.5 |
2019-10-29 | CVE-2019-0205 | Infinite Loop vulnerability in multiple products In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. | 7.5 |
2019-10-29 | CVE-2012-2945 | Link Following vulnerability in Apache Hadoop 1.0.3 Hadoop 1.0.3 contains a symlink vulnerability. | 7.5 |
2019-10-22 | CVE-2019-10079 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Traffic Server Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. | 7.5 |
2019-10-08 | CVE-2019-17359 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. | 7.5 |
2019-10-04 | CVE-2018-11768 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Hadoop In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. | 7.5 |
2019-10-01 | CVE-2019-0231 | Cleartext Transmission of Sensitive Information vulnerability in Apache Mina 2.0.20/2.1.1 Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. | 7.5 |
2019-09-26 | CVE-2019-10097 | NULL Pointer Dereference vulnerability in multiple products In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. | 7.2 |