High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-31	CVE-2018-11759	Path Traversal vulnerability in multiple products The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. network low complexity apache debian redhat CWE-22	7.5
2018-10-24	CVE-2018-11804	Unspecified vulnerability in Apache Spark Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. network low complexity apache	7.5
2018-10-09	CVE-2018-11796	XXE vulnerability in Apache Tika In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. network low complexity apache CWE-611	7.5
2018-10-05	CVE-2018-11778	Out-of-bounds Write vulnerability in Apache Ranger UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. network low complexity apache CWE-787	8.8
2018-09-21	CVE-2018-14889	Improper Input Validation vulnerability in Apache Couchdb CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability. local low complexity apache CWE-20	7.8
2018-09-19	CVE-2018-11761	XXE vulnerability in multiple products In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. network low complexity apache oracle CWE-611	7.5
2018-09-18	CVE-2018-11787	Improper Authentication vulnerability in Apache Karaf In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. network high complexity apache CWE-287	8.1
2018-09-18	CVE-2018-11786	Improper Privilege Management vulnerability in Apache Karaf In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. network low complexity apache CWE-269	8.8
2018-09-17	CVE-2018-11781	Code Injection vulnerability in multiple products Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. local low complexity apache redhat debian canonical CWE-94	7.8
2018-09-13	CVE-2018-1330	Improper Input Validation vulnerability in Apache Mesos When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. network low complexity apache CWE-20	7.5