Vulnerabilities > Apache > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-15 | CVE-2014-0219 | Improper Input Validation vulnerability in Apache Karaf Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports. | 2.1 |
| 2017-10-27 | CVE-2015-1835 | Improper Input Validation vulnerability in Apache Cordova Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL. | 2.6 |
| 2017-10-24 | CVE-2017-12618 | Out-of-bounds Read vulnerability in Apache Portable Runtime Utility Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. | 1.9 |
| 2017-10-19 | CVE-2016-8748 | Cross-site Scripting vulnerability in Apache Nifi In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. | 3.5 |
| 2017-06-14 | CVE-2016-8751 | Cross-site Scripting vulnerability in Apache Ranger Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. | 3.5 |
| 2017-03-29 | CVE-2016-4976 | Information Exposure vulnerability in Apache Ambari Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. | 2.1 |
| 2017-02-02 | CVE-2016-1566 | Cross-site Scripting vulnerability in Apache Guacamole 0.9.8/0.9.9 Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. | 3.5 |
| 2016-09-26 | CVE-2016-5395 | Cross-site Scripting vulnerability in Apache Ranger Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies. | 3.5 |
| 2016-05-18 | CVE-2016-0707 | Permissions, Privileges, and Access Controls vulnerability in Apache Ambari The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories. | 2.1 |
| 2015-11-08 | CVE-2015-4940 | Information Exposure vulnerability in Apache Ambari Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file. | 2.1 |