Vulnerabilities > Apache > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-01 | CVE-2017-15707 | Improper Input Validation vulnerability in multiple products. In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library that is vulnerable and allows a DoS attack using a malicious request with a specially crafted JSON payload. | 6.2 |
2017-11-20 | CVE-2017-3157 | Information Exposure vulnerability in multiple products. By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. | 5.5 |
2017-11-15 | CVE-2014-0219 | Improper Input Validation vulnerability in Apache Karaf. Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports. | 5.5 |
2017-11-14 | CVE-2017-12624 | Unspecified vulnerability in Apache CXF. Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. | 5.5 |
2017-11-01 | CVE-2017-12625 | Information Exposure vulnerability in Apache Hive. Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. | 4.3 |
2017-10-30 | CVE-2012-5636 | Cross-site Scripting vulnerability in Apache Wicket. Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to `<script>` tags in a rendered response. | 6.1 |
2017-10-30 | CVE-2009-1198 | Cross-site Scripting vulnerability in Apache Juddi. Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp. | 6.1 |
2017-10-30 | CVE-2009-1197 | Improper Input Validation vulnerability in Apache Juddi 0.9/2.0. Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp. | 5.3 |
2017-10-27 | CVE-2015-1835 | Improper Input Validation vulnerability in Apache Cordova. Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL. | 5.3 |
2017-10-24 | CVE-2017-12618 | Out-of-bounds Read vulnerability in Apache Portable Runtime Utility. Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out-of-bounds read access. | 4.7 |