Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-07 | CVE-2018-1296 | Information Exposure vulnerability in Apache Hadoop In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent. | 7.5 |
| 2019-02-05 | CVE-2018-11803 | Access of Uninitialized Pointer vulnerability in multiple products Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. | 7.5 |
| 2019-01-31 | CVE-2018-11790 | Incorrect Calculation vulnerability in multiple products When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. | 7.8 |
| 2019-01-30 | CVE-2019-0190 | A bug exists in the way mod_ssl handled client renegotiations. | 7.5 |
| 2019-01-30 | CVE-2018-17199 | Session Fixation vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. | 7.5 |
| 2019-01-23 | CVE-2018-20245 | Improper Certificate Validation vulnerability in Apache Airflow The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. | 7.5 |
| 2019-01-23 | CVE-2017-17835 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Airflow In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow. | 8.8 |
| 2019-01-23 | CVE-2017-15720 | Improper Input Validation vulnerability in Apache Airflow In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object. | 8.8 |
| 2019-01-07 | CVE-2018-1320 | Improper Certificate Validation vulnerability in multiple products Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. | 7.5 |
| 2019-01-02 | CVE-2018-17188 | Unspecified vulnerability in Apache Couchdb Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. | 7.2 |