Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-11 CVE-2019-10073 Cross-site Scripting vulnerability in Apache OFBiz
The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks.
network
low complexity
apache CWE-79
6.1
2019-08-23 CVE-2019-12400 Improper Input Validation vulnerability in multiple products
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders.
local
low complexity
apache redhat oracle CWE-20
5.5
2019-08-13 CVE-2019-9516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.
6.5
2019-08-08 CVE-2019-12397 Cross-site Scripting vulnerability in Apache Ranger
Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue.
network
low complexity
apache CWE-79
6.1
2019-08-02 CVE-2019-10093 Allocation of Resources Without Limits or Throttling vulnerability in Apache Tika
In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs.
network
low complexity
apache CWE-770
6.5
2019-07-15 CVE-2019-0234 Cross-site Scripting vulnerability in Apache Roller 5.2.0/5.2.1/5.2.2
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller.
network
low complexity
apache CWE-79
6.1
2019-06-21 CVE-2017-15694 Argument Injection or Modification vulnerability in Apache Geode
When an Apache Geode server (versions 1.0.0 to 1.8.0) is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata.
network
low complexity
apache CWE-88
6.5
2019-06-19 CVE-2019-10085 Cross-site Scripting vulnerability in Apache Allura
In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets.
network
low complexity
apache CWE-79
6.1
2019-06-11 CVE-2019-0197 HTTP Request Smuggling vulnerability in multiple products
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38.
4.2
2019-06-11 CVE-2019-0196 Use After Free vulnerability in multiple products
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38.
network
low complexity
apache canonical debian CWE-416
5.3