Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-07 | CVE-2018-1320 | Improper Certificate Validation vulnerability in multiple products Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. | 7.5 |
| 2019-01-02 | CVE-2018-17188 | Unspecified vulnerability in Apache Couchdb Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. | 7.2 |
| 2018-12-19 | CVE-2018-17195 | Incorrect Authorization vulnerability in Apache Nifi The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. | 7.5 |
| 2018-12-19 | CVE-2018-17194 | Improper Input Validation vulnerability in Apache Nifi When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. | 7.5 |
| 2018-12-13 | CVE-2018-8033 | Information Exposure vulnerability in Apache Ofbiz In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. | 7.5 |
| 2018-11-27 | CVE-2018-11766 | Unspecified vulnerability in Apache Hadoop 2.7.4/2.7.5/2.7.6 In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. | 8.8 |
| 2018-11-13 | CVE-2018-8009 | Path Traversal vulnerability in Apache Hadoop Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. | 8.8 |
| 2018-11-13 | CVE-2018-17187 | Improper Certificate Validation vulnerability in Apache Qpid Proton-J The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. | 7.4 |
| 2018-11-08 | CVE-2018-11777 | Unspecified vulnerability in Apache Hive In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use. | 8.1 |
| 2018-11-06 | CVE-2018-17186 | XXE vulnerability in Apache Syncope An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. | 7.2 |