National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Apache
There are 1,663 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2019-12397

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix.

Published: August 08, 2019; 02:15:10 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-10099

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.

Published: August 07, 2019; 01:15:12 PM -04:00
V3.0: 7.5 HIGH
    V2: 4.3 MEDIUM
CVE-2016-10796

cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).

Published: August 06, 2019; 10:15:11 AM -04:00
V3.0: 3.3 LOW
    V2: 2.1 LOW
CVE-2016-10786

cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186).

Published: August 06, 2019; 09:15:11 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-10094

A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.

Published: August 02, 2019; 03:15:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-10093

In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.

Published: August 02, 2019; 03:15:11 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-10088

A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.

Published: August 02, 2019; 03:15:11 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-18429

In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).

Published: August 02, 2019; 12:15:12 PM -04:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2017-18428

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).

Published: August 02, 2019; 12:15:12 PM -04:00
V3.0: 2.5 LOW
    V2: 1.9 LOW
CVE-2017-18424

In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).

Published: August 02, 2019; 12:15:12 PM -04:00
V3.0: 3.3 LOW
    V2: 2.1 LOW
CVE-2017-18422

In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).

Published: August 02, 2019; 12:15:12 PM -04:00
V3.0: 3.3 LOW
    V2: 2.1 LOW
CVE-2017-18412

cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).

Published: August 02, 2019; 10:15:13 AM -04:00
V3.0: 2.5 LOW
    V2: 1.9 LOW
CVE-2018-20952

cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).

Published: August 01, 2019; 01:15:13 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2018-20949

cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).

Published: August 01, 2019; 01:15:13 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-20932

cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).

Published: August 01, 2019; 12:15:13 PM -04:00
V3.0: 2.7 LOW
    V2: 4.0 MEDIUM
CVE-2019-0193

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.

Published: August 01, 2019; 10:15:13 AM -04:00
V3.0: 7.2 HIGH
    V2: 9.0 HIGH
CVE-2015-7559

It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

Published: August 01, 2019; 10:15:10 AM -04:00
V3.0: 4.9 MEDIUM
    V2: 4.0 MEDIUM
CVE-2018-20885

cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416).

Published: August 01, 2019; 09:15:13 AM -04:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-14439

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.

Published: July 30, 2019; 07:15:11 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-11774

Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.

Published: July 29, 2019; 03:15:11 PM -04:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM