Vulnerabilities > Apache

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-19	CVE-2019-19906	Off-by-one Error vulnerability in multiple products cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. network low complexity cyrusimap debian canonical fedoraproject redhat apple apache CWE-193	7.5
2019-12-18	CVE-2018-1311	Use After Free vulnerability in multiple products The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. network high complexity apache redhat debian oracle fedoraproject CWE-416	8.1
2019-12-16	CVE-2019-12414	Information Exposure vulnerability in Apache Superset In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab network low complexity apache CWE-200	5.3
2019-12-16	CVE-2019-12413	Unspecified vulnerability in Apache Superset In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query. network low complexity apache	5.3
2019-12-13	CVE-2014-0212	Resource Exhaustion vulnerability in Apache Qpid-Cpp qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors network low complexity apache CWE-400	7.5
2019-12-12	CVE-2019-12420	Resource Exhaustion vulnerability in multiple products In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. network low complexity apache debian CWE-400	7.5
2019-12-12	CVE-2018-11805	OS Command Injection vulnerability in multiple products In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. local low complexity apache debian CWE-78	6.7
2019-12-09	CVE-2019-19603	SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. network low complexity sqlite oracle siemens apache netapp	7.5
2019-12-05	CVE-2012-1592	Unrestricted Upload of File with Dangerous Type vulnerability in Apache Struts 2.0.0 A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. network low complexity apache CWE-434	8.8
2019-12-04	CVE-2019-17555	Improper Input Validation vulnerability in Apache Olingo The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. network low complexity apache CWE-20	7.5

Vulnerabilities > Apache {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Apache"}]}

Vulnerabilities > Apache