Vulnerabilities > Apache

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-23	CVE-2020-1951	Infinite Loop vulnerability in multiple products A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. local low complexity apache oracle debian canonical CWE-835	5.5
2020-03-23	CVE-2020-1950	Resource Exhaustion vulnerability in multiple products A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. local low complexity apache oracle debian canonical CWE-400	5.5
2020-03-19	CVE-2019-12416	Injection vulnerability in Apache Deltaspike we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. network low complexity apache CWE-74	6.1
2020-03-16	CVE-2019-10091	Improper Certificate Validation vulnerability in Apache Geode 1.9.0 When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. network high complexity apache CWE-295	7.4
2020-03-13	CVE-2020-1953	Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. network low complexity apache oracle critical	10.0
2020-03-11	CVE-2020-1947	Deserialization of Untrusted Data vulnerability in Apache Shardingsphere 4.0.0 In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. network low complexity apache CWE-502 critical	9.8
2020-03-11	CVE-2011-2487	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. network high complexity apache redhat CWE-327	5.9
2020-03-02	CVE-2019-14892	Deserialization of Untrusted Data vulnerability in multiple products A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. network low complexity fasterxml redhat apache CWE-502 critical	9.8
2020-02-27	CVE-2015-2992	Cross-site Scripting vulnerability in Apache Struts Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability. network low complexity apache CWE-79	6.1
2020-02-24	CVE-2020-1938	When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. network low complexity apache fedoraproject oracle debian opensuse blackberry netapp critical	9.8

Vulnerabilities > Apache {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Apache"}]}

Vulnerabilities > Apache