Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-10 | CVE-2016-3085 | 7PK - Security Features vulnerability in Apache Cloudstack Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin. | 6.5 |
| 2016-06-07 | CVE-2016-3093 | Improper Input Validation vulnerability in multiple products Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. | 5.3 |
| 2016-06-01 | CVE-2016-3094 | Improper Input Validation vulnerability in Apache Qpid Broker-J 6.0.0/6.0.1/6.0.2 PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception. | 5.9 |
| 2016-05-18 | CVE-2016-0731 | Improper Access Control vulnerability in Apache Ambari The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | 4.9 |
| 2016-05-09 | CVE-2015-5208 | Improper Input Validation vulnerability in Apache Cordova Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. | 4.4 |
| 2016-05-09 | CVE-2015-5207 | Improper Access Control vulnerability in Apache Cordova Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods. | 5.3 |
| 2016-05-05 | CVE-2016-2168 | Unspecified vulnerability in Apache Subversion The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. | 6.5 |
| 2016-05-05 | CVE-2016-2167 | Improper Access Control vulnerability in Apache Subversion The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. | 6.8 |
| 2016-04-19 | CVE-2015-1776 | Information Exposure vulnerability in Apache Hadoop Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file. | 6.2 |
| 2016-04-12 | CVE-2015-7520 | Cross-site Scripting vulnerability in Apache Wicket Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element. | 6.1 |