Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-20 | CVE-2012-5639 | Exposure of Resource to Wrong Sphere vulnerability in multiple products LibreOffice and OpenOffice automatically open embedded content | 6.5 |
| 2019-12-16 | CVE-2019-12414 | Information Exposure vulnerability in Apache Superset In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab | 5.3 |
| 2019-12-16 | CVE-2019-12413 | Unspecified vulnerability in Apache Superset In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query. | 5.3 |
| 2019-12-12 | CVE-2018-11805 | OS Command Injection vulnerability in multiple products In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. | 6.7 |
| 2019-12-04 | CVE-2019-17554 | XXE vulnerability in Apache Olingo The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. | 5.5 |
| 2019-11-19 | CVE-2019-10083 | Information Exposure vulnerability in Apache Nifi When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). | 5.3 |
| 2019-11-19 | CVE-2019-10080 | XXE vulnerability in Apache Nifi The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. | 6.5 |
| 2019-11-18 | CVE-2019-10070 | Cross-site Scripting vulnerability in Apache Atlas 0.8.3/1.1.0 Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality | 6.1 |
| 2019-11-09 | CVE-2009-5004 | Improper Input Validation vulnerability in Apache Qpid-Cpp 1.0 qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use . | 6.5 |
| 2019-11-06 | CVE-2019-12406 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. | 6.5 |