Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-14 CVE-2020-1945 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information.
6.3
2020-05-04 CVE-2019-17557 Cross-site Scripting vulnerability in Apache Syncope
It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters.
network
low complexity
apache CWE-79
5.4
2020-04-28 CVE-2020-9482 Insufficient Session Expiration vulnerability in Apache Nifi Registry 0.1.0/0.5.0
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side.
network
low complexity
apache CWE-613
6.5
2020-04-27 CVE-2020-9489 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser.
local
low complexity
apache oracle CWE-835
5.5
2020-04-02 CVE-2020-1927 Open Redirect vulnerability in multiple products
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
6.1
2020-04-01 CVE-2020-1958 Injection vulnerability in Apache Druid 0.17.0
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid.
network
low complexity
apache CWE-74
6.5
2020-04-01 CVE-2018-11802 Incorrect Authorization vulnerability in Apache Solr
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection.
network
low complexity
apache CWE-863
4.3
2020-04-01 CVE-2020-1954 Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus.
high complexity
apache oracle netapp
5.3
2020-04-01 CVE-2020-1934 Use of Uninitialized Resource vulnerability in multiple products
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
5.3
2020-04-01 CVE-2020-1949 Cross-site Scripting vulnerability in Apache Sling CMS
Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
network
low complexity
apache CWE-79
6.1