Vulnerabilities > Apache > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-19 | CVE-2016-5394 | Cross-site Scripting vulnerability in Apache Sling. In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. | 6.1 |
2017-07-17 | CVE-2017-7685 | Unspecified vulnerability in Apache OpenMeetings. Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH. | 5.3 |
2017-07-17 | CVE-2017-7663 | Cross-site Scripting vulnerability in Apache OpenMeetings 3.2.0/3.2.1. Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | 6.1 |
2017-07-13 | CVE-2017-7672 | Improper Input Validation vulnerability in Apache Struts. If an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL. | 5.9 |
2017-07-12 | CVE-2017-7678 | Cross-site Scripting vulnerability in Apache Spark. In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. | 6.1 |
2017-06-16 | CVE-2015-3254 | Improper Input Validation vulnerability in Apache Thrift. The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. | 6.5 |
2017-06-14 | CVE-2017-7677 | Missing Authorization vulnerability in Apache Ranger. In environments that use an external location for Hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table. | 5.9 |
2017-06-14 | CVE-2016-8751 | Cross-site Scripting vulnerability in Apache Ranger. Apache Ranger before 0.6.3 is vulnerable to stored cross-site scripting when entering custom policy conditions. | 4.8 |
2017-06-14 | CVE-2016-8746 | Untrusted Search Path vulnerability in Apache Ranger. The Apache Ranger policy engine before 0.6.3 incorrectly matches paths in certain conditions when the policy does not contain wildcards and has the recursion flag set to true. | 5.9 |
2017-06-12 | CVE-2017-7665 | Cross-site Scripting vulnerability in Apache NiFi. In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding against some forms of XSS issues but were insufficient. | 6.1 |