| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-0216 |
79 |
|
XSS |
2019-04-10 |
2019-04-11 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
|
2 |
CVE-2018-20244 |
79 |
|
XSS |
2019-02-27 |
2019-04-12 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
|
3 |
CVE-2018-8024 |
200 |
|
+Info |
2018-07-12 |
2018-09-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not. |
|
4 |
CVE-2018-1313 |
|
|
|
2018-05-07 |
2019-10-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work. |
|
5 |
CVE-2018-1283 |
20 |
|
|
2018-03-26 |
2019-08-15 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. |
|
6 |
CVE-2017-15703 |
502 |
|
DoS |
2018-01-25 |
2018-02-12 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. |
|
7 |
CVE-2017-12630 |
79 |
|
XSS +Info |
2017-12-18 |
2018-01-05 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards. |
|
8 |
CVE-2017-12613 |
125 |
|
DoS |
2017-10-23 |
2019-10-02 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. |
|
9 |
CVE-2017-9796 |
200 |
|
+Info |
2018-01-09 |
2018-02-02 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions. |
|
10 |
CVE-2017-3165 |
79 |
|
XSS |
2017-09-13 |
2017-09-27 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability. |
|
11 |
CVE-2016-8751 |
79 |
|
Exec Code XSS |
2017-06-14 |
2017-06-19 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Apache Ranger before 0.6.is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies. |
|
12 |
CVE-2016-8748 |
79 |
|
XSS |
2017-10-19 |
2019-05-01 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM. |
|
13 |
CVE-2016-8612 |
20 |
|
|
2018-03-09 |
2019-10-09 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. |
|
14 |
CVE-2016-5395 |
79 |
|
XSS |
2016-09-26 |
2016-09-27 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies. |
|
15 |
CVE-2016-5005 |
79 |
|
XSS |
2016-07-28 |
2019-04-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action. |
|
16 |
CVE-2016-0782 |
79 |
|
XSS +Info |
2016-08-05 |
2018-10-09 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. |
|
17 |
CVE-2015-3186 |
79 |
|
XSS |
2015-11-02 |
2015-11-03 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change. |
|
18 |
CVE-2014-0228 |
284 |
|
+Info |
2014-11-16 |
2018-10-09 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI. |
|
19 |
CVE-2013-4558 |
20 |
|
DoS |
2013-12-07 |
2013-12-19 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /. |
|
20 |
CVE-2013-4277 |
264 |
|
|
2013-09-16 |
2017-09-18 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. |
|
21 |
CVE-2013-2192 |
287 |
|
+Info |
2014-01-24 |
2017-03-23 |
3.2 |
None |
Local Network |
High |
Not required |
Partial |
Partial |
None |
|
The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication. |
|
22 |
CVE-2013-0248 |
264 |
|
|
2013-03-15 |
2017-10-19 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack. |
|
23 |
CVE-2013-0177 |
79 |
|
XSS |
2014-01-30 |
2018-05-18 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages. |
|
24 |
CVE-2012-2381 |
79 |
|
XSS |
2012-06-26 |
2013-10-03 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role. |
|
25 |
CVE-2010-4644 |
399 |
|
DoS |
2011-01-07 |
2017-08-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. |
|
26 |
CVE-2010-0684 |
79 |
|
XSS |
2010-04-05 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action. |
|
27 |
CVE-2007-6421 |
79 |
|
XSS |
2008-01-08 |
2018-10-30 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. |
|
28 |
CVE-2007-5731 |
22 |
|
Dir. Trav. |
2007-10-30 |
2017-09-28 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461. |
|
29 |
CVE-2007-5461 |
22 |
|
Dir. Trav. |
2007-10-15 |
2018-10-15 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
|
30 |
CVE-2007-2450 |
79 |
|
XSS |
2007-06-14 |
2018-10-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. |
|
31 |
CVE-2007-1742 |
|
|
|
2007-04-13 |
2008-11-13 |
3.7 |
User |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." |
