Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-19 | CVE-2016-8748 | Cross-site Scripting vulnerability in Apache Nifi In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. | 5.4 |
| 2017-10-16 | CVE-2016-8734 | Resource Exhaustion vulnerability in multiple products Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. | 6.5 |
| 2017-10-13 | CVE-2016-6815 | Credentials Management vulnerability in Apache Ranger In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role. | 6.5 |
| 2017-10-10 | CVE-2017-12623 | XXE vulnerability in Apache Nifi An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. | 6.5 |
| 2017-10-04 | CVE-2017-9792 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala 2.8.0/2.9.0 In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. | 6.5 |
| 2017-10-03 | CVE-2017-9797 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. | 6.5 |
| 2017-10-03 | CVE-2014-0043 | Information Exposure vulnerability in Apache Wicket 1.5.10/6.13.0 In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use. | 5.3 |
| 2017-09-30 | CVE-2017-9794 | Information Exposure vulnerability in Apache Geode When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. | 4.3 |
| 2017-09-25 | CVE-2015-5169 | Cross-site Scripting vulnerability in Apache Struts Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. | 6.1 |
| 2017-09-20 | CVE-2016-8738 | Improper Input Validation vulnerability in Apache Struts In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | 5.9 |