Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-12 | CVE-2019-12420 | Resource Exhaustion vulnerability in multiple products In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. | 7.5 |
| 2019-12-12 | CVE-2018-11805 | OS Command Injection vulnerability in multiple products In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. | 6.7 |
| 2019-12-09 | CVE-2019-19603 | SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | 7.5 |
| 2019-12-05 | CVE-2012-1592 | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Struts 2.0.0 A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. | 8.8 |
| 2019-12-04 | CVE-2019-17555 | Improper Input Validation vulnerability in Apache Olingo The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. | 7.5 |
| 2019-12-04 | CVE-2019-17556 | Deserialization of Untrusted Data vulnerability in Apache Olingo Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. | 9.8 |
| 2019-12-04 | CVE-2019-17554 | XXE vulnerability in Apache Olingo The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. | 5.5 |
| 2019-12-03 | CVE-2016-1000104 | Improper Input Validation vulnerability in multiple products A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. | 8.8 |
| 2019-11-27 | CVE-2011-2177 | Unspecified vulnerability in Apache Openoffice 3.3.0 OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools. | 7.8 |
| 2019-11-26 | CVE-2011-3600 | XXE vulnerability in Apache Ofbiz The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. | 7.5 |