Vulnerabilities > Apache > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-07 | CVE-2018-11798 | File and Directory Information Exposure vulnerability in Apache Thrift The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path. | 6.5 |
2018-12-24 | CVE-2018-17197 | Infinite Loop vulnerability in Apache Tika A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. | 6.5 |
2018-12-19 | CVE-2018-11799 | Improper Input Validation vulnerability in Apache Oozie Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. | 6.5 |
2018-12-19 | CVE-2018-17193 | Cross-site Scripting vulnerability in Apache Nifi The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. | 6.1 |
2018-12-19 | CVE-2018-17192 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache Nifi The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. | 6.5 |
2018-11-08 | CVE-2018-1314 | Missing Authorization vulnerability in Apache Hive In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. | 4.3 |
2018-11-06 | CVE-2018-17184 | Cross-site Scripting vulnerability in Apache Syncope A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. | 5.4 |
2018-10-24 | CVE-2018-11785 | Missing Authorization vulnerability in Apache Impala Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. | 6.5 |
2018-10-10 | CVE-2018-8006 | Cross-site Scripting vulnerability in Apache Activemq An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. | 6.1 |
2018-10-05 | CVE-2018-11797 | In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. | 5.5 |