Vulnerabilities > Apache

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-02	CVE-2014-0048	Improper Input Validation vulnerability in multiple products An issue was found in Docker before 1.6.0. network low complexity docker apache CWE-20 critical	9.8
2019-12-30	CVE-2019-17558	Injection vulnerability in multiple products Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. network high complexity apache oracle CWE-74	7.5
2019-12-24	CVE-2019-19924	Improper Handling of Exceptional Conditions vulnerability in multiple products SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. network low complexity sqlite siemens apache oracle netapp CWE-755	5.3
2019-12-23	CVE-2019-12418	When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. local high complexity apache debian oracle canonical opensuse netapp	7.0
2019-12-23	CVE-2019-17563	Session Fixation vulnerability in multiple products When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. network high complexity apache debian opensuse canonical oracle CWE-384	7.5
2019-12-20	CVE-2019-17571	Deserialization of Untrusted Data vulnerability in multiple products Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. network low complexity apache debian canonical opensuse netapp oracle CWE-502 critical	9.8
2019-12-20	CVE-2012-5639	Exposure of Resource to Wrong Sphere vulnerability in multiple products LibreOffice and OpenOffice automatically open embedded content network low complexity libreoffice debian apache CWE-668	6.5
2019-12-19	CVE-2019-19906	Off-by-one Error vulnerability in multiple products cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. network low complexity cyrusimap debian canonical fedoraproject redhat apple apache CWE-193	7.5
2019-12-18	CVE-2018-1311	Use After Free vulnerability in multiple products The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. network high complexity apache redhat debian oracle fedoraproject CWE-416	8.1
2019-12-16	CVE-2019-12414	Information Exposure vulnerability in Apache Superset In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab network low complexity apache CWE-200	5.3

Vulnerabilities > Apache {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Apache"}]}

Vulnerabilities > Apache