Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-11 | CVE-2019-10074 | Improper Encoding or Escaping of Output vulnerability in Apache Ofbiz An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. | 9.8 |
| 2019-09-11 | CVE-2019-10073 | Cross-site Scripting vulnerability in Apache Ofbiz The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. | 6.1 |
| 2019-09-11 | CVE-2019-0189 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz The java.io.ObjectInputStream is known to cause Java serialisation issues. | 9.8 |
| 2019-09-11 | CVE-2018-17200 | Unspecified vulnerability in Apache Ofbiz The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. | 9.8 |
| 2019-09-10 | CVE-2019-12401 | XML Entity Expansion vulnerability in Apache Solr Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. | 7.5 |
| 2019-09-09 | CVE-2019-12405 | Improper Authentication vulnerability in Apache Traffic Control 3.0.0/3.0.1 Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. | 9.8 |
| 2019-08-30 | CVE-2019-12402 | Infinite Loop vulnerability in multiple products The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. | 7.5 |
| 2019-08-28 | CVE-2019-15752 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. | 7.8 |
| 2019-08-26 | CVE-2019-15544 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in the protobuf crate before 2.6.0 for Rust. | 7.5 |
| 2019-08-23 | CVE-2019-12400 | Improper Input Validation vulnerability in multiple products In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. | 5.5 |