Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-07-26 | CVE-2018-11779 | Deserialization of Untrusted Data vulnerability in Apache Storm | In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class. | 9.8 |
2019-07-15 | CVE-2019-0234 | Cross-site Scripting vulnerability in Apache Roller 5.2.0/5.2.1/5.2.2 | A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. | 6.1 |
2019-07-11 | CVE-2018-17196 | Unspecified vulnerability in Apache Kafka | In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. | 8.8 |
2019-06-21 | CVE-2019-10072 | Improper Locking vulnerability in Apache Tomcat | The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. | 7.5 |
2019-06-21 | CVE-2017-15694 | Argument Injection or Modification vulnerability in Apache Geode | When an Apache Geode server, versions 1.0.0 to 1.8.0, is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. | 6.5 |
2019-06-19 | CVE-2019-10085 | Cross-site Scripting vulnerability in Apache Allura | In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. | 6.1 |
2019-06-11 | CVE-2019-0197 | HTTP Request Smuggling vulnerability in multiple products | A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. | 4.2 |
2019-06-11 | CVE-2019-0196 | Use After Free vulnerability in multiple products | A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. | 5.3 |
2019-06-11 | CVE-2019-0220 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products | A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. | 5.3 |
2019-06-11 | CVE-2018-11801 | SQL Injection vulnerability in Apache Fineract | SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table. | 9.8 |