NVD List
Id | Name | Description | Reject | CVSS Version | CVSS Score | Severity | Pub Date | Modified Date | Actions |
---|---|---|---|---|---|---|---|---|---|
88003 | CVE-2017-5640 | It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened. | 2 | 7.5 | High | 2017-07-18 | 2017-07-17 | View | |
84689 | CVE-2017-5642 | During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs. | 2 | 7.5 | High | 2017-04-27 | 2017-04-10 | View | |
83233 | CVE-2017-5643 | Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. | 2 | 5.8 | Medium | 2017-04-27 | 2017-03-31 | View | |
83742 | CVE-2017-5644 | Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack. | 2 | 7.1 | High | 2017-03-29 | 2017-03-28 | View | |
84690 | CVE-2017-5645 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 2 | 7.5 | High | 2017-04-27 | 2017-04-24 | View |
Page 17218 of 17672, showing 5 records out of 88360 total, starting on record 86086, ending on 86090