Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-31 | CVE-2018-17191 | Unspecified vulnerability in Apache Netbeans 9.0 Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). | 9.8 |
| 2018-11-19 | CVE-2018-17190 | Unspecified vulnerability in Apache Spark In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. | 9.8 |
| 2018-11-07 | CVE-2018-8021 | Deserialization of Untrusted Data vulnerability in Apache Superset Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. | 9.8 |
| 2018-10-24 | CVE-2018-11792 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. | 9.8 |
| 2018-09-17 | CVE-2018-11780 | Code Injection vulnerability in multiple products A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. | 9.8 |
| 2018-08-26 | CVE-2011-2767 | Code Injection vulnerability in multiple products mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | 9.8 |
| 2018-07-31 | CVE-2018-8027 | XXE vulnerability in Apache Camel Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. | 9.8 |
| 2018-07-23 | CVE-2018-11757 | Unspecified vulnerability in Apache Openwhisk In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation. | 9.8 |
| 2018-07-23 | CVE-2018-11756 | Unspecified vulnerability in Apache Openwhisk 1.0.0 In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation. | 9.8 |
| 2018-07-20 | CVE-2018-8018 | Deserialization of Untrusted Data vulnerability in Apache Ignite In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. | 9.8 |