Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-08 | CVE-2018-1314 | Missing Authorization vulnerability in Apache Hive In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. | 4.3 |
| 2018-11-06 | CVE-2018-17184 | Cross-site Scripting vulnerability in Apache Syncope A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. | 5.4 |
| 2018-10-24 | CVE-2018-11785 | Missing Authorization vulnerability in Apache Impala Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. | 6.5 |
| 2018-10-10 | CVE-2018-8006 | Cross-site Scripting vulnerability in Apache Activemq An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. | 6.1 |
| 2018-10-05 | CVE-2018-11797 | In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. | 5.5 |
| 2018-10-04 | CVE-2017-5658 | Information Exposure vulnerability in Apache Pony Mail The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. | 5.3 |
| 2018-10-04 | CVE-2018-11784 | Open Redirect vulnerability in multiple products When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. | 4.3 |
| 2018-09-25 | CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. | 5.9 |
| 2018-09-21 | CVE-2018-8023 | Information Exposure vulnerability in Apache Mesos Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). | 5.9 |
| 2018-09-19 | CVE-2018-8017 | Infinite Loop vulnerability in Apache Tika In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. | 5.5 |