Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-01-31 | CVE-2017-15706 | Improperly Implemented Security Check for Standard vulnerability in Apache Tomcat | As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. | 5.3 |
2018-01-31 | CVE-2017-15698 | Improper Certificate Validation vulnerability in multiple products | When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. | 5.9 |
2018-01-29 | CVE-2017-12626 | Infinite Loop vulnerability in Apache POI | Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295). | 7.5 |
2018-01-25 | CVE-2017-15703 | Deserialization of Untrusted Data vulnerability in Apache Nifi | Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. | 3.5 |
2018-01-24 | CVE-2017-15718 | Unspecified vulnerability in Apache Hadoop 2.7.3/2.7.4 | The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications. | 9.8 |
2018-01-23 | CVE-2017-15697 | Improper Input Validation vulnerability in Apache Nifi | A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. | 7.5 |
2018-01-23 | CVE-2017-12632 | Improper Input Validation vulnerability in Apache Nifi | A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. | 5.0 |
2018-01-19 | CVE-2017-15713 | Information Exposure vulnerability in Apache Hadoop | Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. | 6.5 |
2018-01-18 | CVE-2017-3158 | Race Condition vulnerability in Apache Guacamole | A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. | 8.1 |
2018-01-18 | CVE-2016-6814 | Deserialization of Untrusted Data vulnerability in multiple products | When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. | 7.5 |