Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2020-03-11 CVE-2011-2487 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
network
high complexity
apache redhat CWE-327
5.9
2020-03-02 CVE-2019-14892 Deserialization of Untrusted Data vulnerability in multiple products
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes.
network
low complexity
fasterxml redhat apache CWE-502
critical
9.8
2020-02-27 CVE-2015-2992 Cross-site Scripting vulnerability in Apache Struts
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
network
low complexity
apache CWE-79
6.1
2020-02-24 CVE-2020-1938 When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat.
network
low complexity
apache fedoraproject oracle debian opensuse blackberry netapp
critical
9.8
2020-02-24 CVE-2020-1935 HTTP Request Smuggling vulnerability in multiple products
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid.
network
high complexity
apache debian canonical opensuse netapp oracle CWE-444
4.8
2020-02-24 CVE-2019-17569 HTTP Request Smuggling vulnerability in multiple products
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression.
network
high complexity
apache opensuse netapp debian oracle CWE-444
4.8
2020-02-24 CVE-2020-1937 SQL Injection vulnerability in Apache Kylin
Kylin has some RESTful APIs that concatenate SQL with the user input string, so a user is likely to be able to run malicious database queries.
network
low complexity
apache CWE-89
8.8
2020-02-18 CVE-2014-4651 Improper Input Validation vulnerability in Apache Jclouds 1.7.3
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location.
network
low complexity
apache CWE-20
critical
9.8
2020-02-11 CVE-2020-1942 Information Exposure Through Log Files vulnerability in Apache Nifi
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values.
network
low complexity
apache CWE-532
7.5
2020-02-11 CVE-2020-5529 Improper Initialization vulnerability in multiple products
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities.
network
high complexity
htmlunit debian canonical apache CWE-665
8.1