Vulnerabilities > Apache

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-01	CVE-2018-10583	Information Exposure vulnerability in multiple products An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. network low complexity libreoffice apache debian redhat canonical CWE-200	7.5
2018-04-26	CVE-2017-15691	XXE vulnerability in Apache products In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. network low complexity apache CWE-611	6.5
2018-04-25	CVE-2018-1339	Infinite Loop vulnerability in Apache Tika A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18. local low complexity apache CWE-835	5.5
2018-04-25	CVE-2018-1338	Infinite Loop vulnerability in Apache Tika A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. local low complexity apache CWE-835	5.5
2018-04-25	CVE-2018-1335	Unspecified vulnerability in Apache Tika From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. network high complexity apache	8.1
2018-04-20	CVE-2018-1292	SQL Injection vulnerability in Apache Fineract Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter. network low complexity apache CWE-89	8.1
2018-04-20	CVE-2018-1291	SQL Injection vulnerability in Apache Fineract Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. network low complexity apache CWE-89	8.1
2018-04-20	CVE-2018-1290	SQL Injection vulnerability in Apache Fineract In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. network low complexity apache CWE-89 critical	9.8
2018-04-20	CVE-2018-1289	SQL Injection vulnerability in Apache Fineract In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. network low complexity apache CWE-89	8.8
2018-04-19	CVE-2018-2799	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). network low complexity oracle redhat debian canonical hp schneider-electric apache	5.3

Vulnerabilities > Apache {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Apache"}]}

Vulnerabilities > Apache