Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-27 | CVE-2015-2992 | Cross-site Scripting vulnerability in Apache Struts Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability. | 6.1 |
| 2020-02-24 | CVE-2020-1935 | HTTP Request Smuggling vulnerability in multiple products In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. | 4.8 |
| 2020-02-24 | CVE-2019-17569 | HTTP Request Smuggling vulnerability in multiple products The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. | 4.8 |
| 2020-02-06 | CVE-2019-12426 | Unspecified vulnerability in Apache Ofbiz an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06 | 5.3 |
| 2020-01-28 | CVE-2020-1933 | Cross-site Scripting vulnerability in Apache Nifi A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. | 6.1 |
| 2020-01-28 | CVE-2020-1932 | Unspecified vulnerability in Apache Superset An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. | 6.5 |
| 2020-01-28 | CVE-2020-1928 | Information Exposure Through Log Files vulnerability in Apache Nifi 1.10.0 An information disclosure vulnerability was found in Apache NiFi 1.10.0. | 5.3 |
| 2020-01-16 | CVE-2019-17573 | Cross-site Scripting vulnerability in multiple products By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. | 6.1 |
| 2020-01-14 | CVE-2019-12398 | Cross-site Scripting vulnerability in Apache Airflow In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 4.8 |
| 2019-12-24 | CVE-2019-19924 | Improper Handling of Exceptional Conditions vulnerability in multiple products SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. | 5.3 |