Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-20 | CVE-2017-12607 | Out-of-bounds Write vulnerability in multiple products A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. | 6.8 |
| 2017-11-20 | CVE-2017-9806 | Out-of-bounds Write vulnerability in Apache Openoffice A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. | 6.8 |
| 2017-11-20 | CVE-2016-6804 | Permissions, Privileges, and Access Controls vulnerability in Apache Openoffice The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. | 9.3 |
| 2017-11-15 | CVE-2014-0219 | Improper Input Validation vulnerability in Apache Karaf Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports. | 2.1 |
| 2017-11-15 | CVE-2017-12634 | Deserialization of Untrusted Data vulnerability in Apache Camel The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. | 9.8 |
| 2017-11-15 | CVE-2017-12633 | Deserialization of Untrusted Data vulnerability in Apache Camel The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. | 9.8 |
| 2017-11-14 | CVE-2017-12636 | OS Command Injection vulnerability in Apache Couchdb CouchDB administrative users can configure the database server via HTTP(S). | 7.2 |
| 2017-11-14 | CVE-2017-12635 | Improper Privilege Management vulnerability in Apache Couchdb Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. | 9.8 |
| 2017-11-14 | CVE-2017-12624 | Unspecified vulnerability in Apache CXF Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. | 5.5 |
| 2017-11-13 | CVE-2017-3166 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Hadoop In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file. | 7.8 |