Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-30 | CVE-2019-14439 | Deserialization of Untrusted Data vulnerability in multiple products. A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. | 7.5 |
2019-07-29 | CVE-2018-11774 | SQL Injection vulnerability in Apache Virtual Computing LAB. Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. | 7.2 |
2019-07-29 | CVE-2018-11773 | Improper Input Validation vulnerability in Apache Virtual Computing LAB. Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. | 9.8 |
2019-07-29 | CVE-2018-11772 | SQL Injection vulnerability in Apache Virtual Computing LAB. Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. | 7.2 |
2019-07-26 | CVE-2019-13990 | XXE vulnerability in multiple products. initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 |
2019-07-26 | CVE-2019-0202 | Information Exposure Through Log Files vulnerability in Apache Storm. The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. | 7.5 |
2019-07-26 | CVE-2018-11779 | Deserialization of Untrusted Data vulnerability in Apache Storm. In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class. | 9.8 |
2019-07-15 | CVE-2019-0234 | Cross-site Scripting vulnerability in Apache Roller 5.2.0/5.2.1/5.2.2. A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. | 6.1 |
2019-07-11 | CVE-2018-17196 | Unspecified vulnerability in Apache Kafka. In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. | 8.8 |
2019-06-21 | CVE-2019-10072 | Improper Locking vulnerability in Apache Tomcat. The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. | 7.5 |