Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-1943 Cross-site Scripting vulnerability in Apache OFBiz
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
network
low complexity
apache CWE-79
6.1
2020-03-23 CVE-2020-1951 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-835
5.5
2020-03-23 CVE-2020-1950 Resource Exhaustion vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-400
5.5
2020-03-19 CVE-2019-12416 Injection vulnerability in Apache DeltaSpike
We got reports for 2 injection attacks against the DeltaSpike windowhandler.js.
network
low complexity
apache CWE-74
6.1
2020-03-11 CVE-2011-2487 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
network
high complexity
apache redhat CWE-327
5.9
2020-02-27 CVE-2015-2992 Cross-site Scripting vulnerability in Apache Struts
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
network
low complexity
apache CWE-79
6.1
2020-02-24 CVE-2020-1935 HTTP Request Smuggling vulnerability in multiple products
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid.
network
high complexity
apache debian canonical opensuse netapp oracle CWE-444
4.8
2020-02-24 CVE-2019-17569 HTTP Request Smuggling vulnerability in multiple products
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression.
network
high complexity
apache opensuse netapp debian oracle CWE-444
4.8
2020-02-06 CVE-2019-12426 Unspecified vulnerability in Apache OFBiz
An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06.
network
low complexity
apache
5.3
2020-01-28 CVE-2020-1933 Cross-site Scripting vulnerability in Apache NiFi
An XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0.
network
low complexity
apache CWE-79
6.1