Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-10-27 CVE-2015-1835 Improper Input Validation vulnerability in Apache Cordova
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.
network
high complexity
apache CWE-20
5.3
2017-10-24 CVE-2017-12618 Out-of-bounds Read vulnerability in Apache Portable Runtime Utility
Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access.
local
high complexity
apache CWE-125
4.7
2017-10-19 CVE-2016-8748 Cross-site Scripting vulnerability in Apache Nifi
In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user.
network
low complexity
apache CWE-79
5.4
2017-10-16 CVE-2016-8734 Resource Exhaustion vulnerability in multiple products
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion.
network
low complexity
apache debian CWE-400
6.5
2017-10-13 CVE-2016-6815 Credentials Management vulnerability in Apache Ranger
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
network
low complexity
apache CWE-255
6.5
2017-10-10 CVE-2017-12623 XXE vulnerability in Apache Nifi
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack.
network
low complexity
apache CWE-611
6.5
2017-10-04 CVE-2017-9792 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala 2.8.0/2.9.0
In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables.
network
low complexity
apache CWE-732
6.5
2017-10-03 CVE-2017-9797 Information Exposure vulnerability in Apache Geode
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages.
network
high complexity
apache CWE-200
6.5
2017-10-03 CVE-2014-0043 Information Exposure vulnerability in Apache Wicket 1.5.10/6.13.0
In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.
network
low complexity
apache CWE-200
5.3
2017-09-30 CVE-2017-9794 Information Exposure vulnerability in Apache Geode
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries.
network
low complexity
apache CWE-200
4.3