Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-09-09 CVE-2019-12405 Improper Authentication vulnerability in Apache Traffic Control 3.0.0/3.0.1
Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component.
network
low complexity
apache CWE-287
critical
9.8
2019-07-29 CVE-2018-11773 Improper Input Validation vulnerability in Apache Virtual Computing LAB
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation.
network
low complexity
apache CWE-20
critical
9.8
2019-07-26 CVE-2019-13990 XXE vulnerability in multiple products
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
network
low complexity
softwareag oracle apache netapp atlassian CWE-611
critical
9.8
2019-07-26 CVE-2018-11779 Deserialization of Untrusted Data vulnerability in Apache Storm
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.
network
low complexity
apache CWE-502
critical
9.8
2019-06-11 CVE-2018-11801 SQL Injection vulnerability in Apache Fineract
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.
network
low complexity
apache CWE-89
critical
9.8
2019-06-11 CVE-2018-11800 SQL Injection vulnerability in Apache Fineract
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
network
low complexity
apache CWE-89
critical
9.8
2019-05-28 CVE-2018-17198 Server-Side Request Forgery (SSRF) vulnerability in Apache Roller
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability.
network
low complexity
apache CWE-918
critical
9.8
2019-04-17 CVE-2019-0228 XXE vulnerability in multiple products
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
network
low complexity
apache fedoraproject oracle CWE-611
critical
9.8
2019-03-07 CVE-2019-0192 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request.
network
low complexity
apache netapp CWE-502
critical
9.8
2019-03-06 CVE-2019-0187 Deserialization of Untrusted Data vulnerability in Apache Jmeter 4.0/5.0
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options).
network
low complexity
apache CWE-502
critical
9.8