Vulnerabilities > Apache > Low
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-11-08 | CVE-2015-4940 | Information Exposure vulnerability in Apache Ambari | Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file. | 2.1 |
2015-11-02 | CVE-2015-3186 | Cross-site Scripting vulnerability in Apache Ambari | Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change. | 3.5 |
2014-07-28 | CVE-2013-4262 | Link Following vulnerability in Apache Subversion 1.8.0/1.8.1/1.8.2 | svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. | 2.4 |
2014-07-28 | CVE-2013-7393 | Link Following vulnerability in Apache Subversion 1.8.0/1.8.1 | The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. | 2.4 |
2014-01-30 | CVE-2013-0177 | Cross-Site Scripting vulnerability in Apache Ofbiz | Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages. | 3.5 |
2014-01-24 | CVE-2013-2192 | Improper Authentication vulnerability in Apache Hadoop | The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication. | 3.2 |
2014-01-15 | CVE-2013-6398 | Permissions, Privileges, and Access Controls vulnerability in Apache Cloudstack | The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. | 2.8 |
2014-01-07 | CVE-2013-6480 | Information Exposure vulnerability in Apache Libcloud | Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM. | 2.1 |
2013-12-07 | CVE-2013-4505 | Permissions, Privileges, and Access Controls vulnerability in Apache MOD Dontdothat and Subversion | The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. | 2.6 |
2013-09-16 | CVE-2013-4277 | Permissions, Privileges, and Access Controls vulnerability in Apache Subversion | Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. | 3.3 |