Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-06 | CVE-2018-17202 | Infinite Loop vulnerability in Apache Commons Imaging 0.97 Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. | 7.5 |
| 2019-05-06 | CVE-2018-17201 | Unspecified vulnerability in Apache Commons Imaging 0.97 Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. | 7.5 |
| 2019-05-01 | CVE-2019-0227 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. | 7.5 |
| 2019-04-30 | CVE-2019-0194 | Path Traversal vulnerability in Apache Camel Apache Camel's File is vulnerable to directory traversal. | 7.5 |
| 2019-04-23 | CVE-2019-0223 | While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. | 7.4 |
| 2019-04-23 | CVE-2018-1317 | Improper Authentication vulnerability in Apache Zeppelin In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication. | 8.8 |
| 2019-04-23 | CVE-2017-12619 | Session Fixation vulnerability in Apache Zeppelin Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. | 8.1 |
| 2019-04-15 | CVE-2019-0232 | OS Command Injection vulnerability in Apache Tomcat When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. | 8.1 |
| 2019-04-10 | CVE-2019-0229 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Airflow A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. | 8.8 |
| 2019-04-10 | CVE-2019-0199 | Resource Exhaustion vulnerability in Apache Tomcat The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. | 7.5 |