Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-18 CVE-2019-12422 Unspecified vulnerability in Apache Shiro
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
network
low complexity
apache
7.5
2019-11-18 CVE-2019-10172 A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries.
network
low complexity
fasterxml redhat debian apache
7.5
2019-11-08 CVE-2019-12410 Missing Initialization of Resource vulnerability in Apache Arrow
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet.
network
low complexity
apache CWE-909
7.5
2019-11-08 CVE-2019-12408 Missing Initialization of Resource vulnerability in Apache Arrow 0.14.0/0.14.1
It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases.
network
low complexity
apache CWE-909
7.5
2019-11-05 CVE-2019-10084 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala
In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms.
network
high complexity
apache CWE-732
7.5
2019-10-29 CVE-2019-0210 Out-of-bounds Read vulnerability in multiple products
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.
network
low complexity
apache redhat oracle CWE-125
7.5
2019-10-29 CVE-2019-0205 Infinite Loop vulnerability in multiple products
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data.
network
low complexity
apache redhat oracle CWE-835
7.5
2019-10-29 CVE-2012-2945 Link Following vulnerability in Apache Hadoop 1.0.3
Hadoop 1.0.3 contains a symlink vulnerability.
network
low complexity
apache CWE-59
7.5
2019-10-22 CVE-2019-10079 Allocation of Resources Without Limits or Throttling vulnerability in Apache Traffic Server
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks.
network
low complexity
apache CWE-770
7.5
2019-10-08 CVE-2019-17359 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data.
network
low complexity
bouncycastle apache netapp oracle CWE-770
7.5