Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-16 | CVE-2019-17573 | Cross-site Scripting vulnerability in multiple products By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. | 6.1 |
| 2020-01-14 | CVE-2019-12398 | Cross-site Scripting vulnerability in Apache Airflow In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 4.8 |
| 2019-12-24 | CVE-2019-19924 | Improper Handling of Exceptional Conditions vulnerability in multiple products SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. | 5.3 |
| 2019-12-20 | CVE-2012-5639 | Exposure of Resource to Wrong Sphere vulnerability in multiple products LibreOffice and OpenOffice automatically open embedded content | 6.5 |
| 2019-12-16 | CVE-2019-12414 | Information Exposure vulnerability in Apache Superset In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab | 5.3 |
| 2019-12-16 | CVE-2019-12413 | Unspecified vulnerability in Apache Superset In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query. | 5.3 |
| 2019-12-12 | CVE-2018-11805 | OS Command Injection vulnerability in multiple products In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. | 6.7 |
| 2019-12-04 | CVE-2019-17554 | XXE vulnerability in Apache Olingo The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. | 5.5 |
| 2019-11-19 | CVE-2019-10083 | Information Exposure vulnerability in Apache Nifi When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). | 5.3 |
| 2019-11-19 | CVE-2019-10080 | XXE vulnerability in Apache Nifi The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. | 6.5 |