Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-11 | CVE-2019-0189 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz The java.io.ObjectInputStream is known to cause Java serialisation issues. | 9.8 |
| 2019-09-11 | CVE-2018-17200 | Unspecified vulnerability in Apache Ofbiz The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. | 9.8 |
| 2019-09-09 | CVE-2019-12405 | Improper Authentication vulnerability in Apache Traffic Control 3.0.0/3.0.1 Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. | 9.8 |
| 2019-07-29 | CVE-2018-11773 | Improper Input Validation vulnerability in Apache Virtual Computing LAB Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. | 9.8 |
| 2019-07-26 | CVE-2019-13990 | XXE vulnerability in multiple products initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 |
| 2019-07-26 | CVE-2018-11779 | Deserialization of Untrusted Data vulnerability in Apache Storm In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class. | 9.8 |
| 2019-06-11 | CVE-2018-11801 | SQL Injection vulnerability in Apache Fineract SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table. | 9.8 |
| 2019-06-11 | CVE-2018-11800 | SQL Injection vulnerability in Apache Fineract SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table. | 9.8 |
| 2019-05-28 | CVE-2018-17198 | Server-Side Request Forgery (SSRF) vulnerability in Apache Roller Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. | 9.8 |
| 2019-04-17 | CVE-2019-0228 | XXE vulnerability in multiple products Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. | 9.8 |