Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-01 | CVE-2017-12627 | NULL Pointer Dereference vulnerability in Apache Xerces-C++ In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | 9.8 |
| 2018-02-28 | CVE-2018-1304 | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. | 5.9 |
| 2018-02-28 | CVE-2018-1286 | Improper Authentication vulnerability in Apache Openmeetings In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users. | 6.5 |
| 2018-02-27 | CVE-2017-7671 | Improper Input Validation vulnerability in multiple products There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. | 7.5 |
| 2018-02-27 | CVE-2017-5660 | Improper Input Validation vulnerability in multiple products There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. | 8.6 |
| 2018-02-27 | CVE-2012-3536 | Cross-site Scripting vulnerability in Apache Hupa Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. | 6.1 |
| 2018-02-27 | CVE-2017-15693 | Deserialization of Untrusted Data vulnerability in Apache Geode In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. | 7.5 |
| 2018-02-27 | CVE-2017-15692 | Deserialization of Untrusted Data vulnerability in Apache Geode In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. | 9.8 |
| 2018-02-26 | CVE-2017-15696 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. | 7.5 |
| 2018-02-23 | CVE-2018-1305 | Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. | 6.5 |