Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-01-07 CVE-2018-11798 File and Directory Information Exposure vulnerability in Apache Thrift
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.
network
low complexity
apache CWE-538
6.5
2018-12-24 CVE-2018-17197 Infinite Loop vulnerability in Apache Tika
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
network
low complexity
apache CWE-835
6.5
2018-12-19 CVE-2018-11799 Improper Input Validation vulnerability in Apache Oozie
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users.
network
low complexity
apache CWE-20
6.5
2018-12-19 CVE-2018-17193 Cross-site Scripting vulnerability in Apache Nifi
The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack.
network
low complexity
apache CWE-79
6.1
2018-12-19 CVE-2018-17192 Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache Nifi
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers.
network
low complexity
apache CWE-1021
6.5
2018-11-08 CVE-2018-1314 Missing Authorization vulnerability in Apache Hive
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query.
network
low complexity
apache CWE-862
4.3
2018-11-06 CVE-2018-17184 Cross-site Scripting vulnerability in Apache Syncope
A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions.
network
low complexity
apache CWE-79
5.4
2018-10-24 CVE-2018-11785 Missing Authorization vulnerability in Apache Impala
Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.
network
low complexity
apache CWE-862
6.5
2018-10-10 CVE-2018-8006 Cross-site Scripting vulnerability in Apache Activemq
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5.
network
low complexity
apache CWE-79
6.1
2018-10-05 CVE-2018-11797 In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
local
low complexity
apache fedoraproject oracle
5.5