Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-28 | CVE-2019-0212 | Unspecified vulnerability in Apache Hbase In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. | 7.5 |
| 2019-03-25 | CVE-2019-0204 | A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. | 7.8 |
| 2019-03-21 | CVE-2018-11789 | Path Traversal vulnerability in Apache Heron When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. | 7.5 |
| 2019-03-21 | CVE-2018-11767 | Improper Privilege Management vulnerability in Apache Hadoop In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms. | 7.4 |
| 2019-03-08 | CVE-2017-3164 | Server-Side Request Forgery (SSRF) vulnerability in Apache Solr Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). | 7.5 |
| 2019-03-07 | CVE-2018-11783 | Information Exposure vulnerability in Apache Traffic Server sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. | 7.5 |
| 2019-03-06 | CVE-2019-0200 | Unspecified vulnerability in Apache Qpid Broker-J A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). | 7.5 |
| 2019-03-05 | CVE-2018-11793 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Mesos When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. | 7.5 |
| 2019-02-11 | CVE-2019-5736 | OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78 | 8.6 |
| 2019-02-07 | CVE-2018-1340 | Missing Encryption of Sensitive Data vulnerability in Apache Guacamole Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. | 7.5 |