Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-07 | CVE-2019-0192 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. | 9.8 |
| 2019-03-06 | CVE-2019-0187 | Deserialization of Untrusted Data vulnerability in Apache Jmeter 4.0/5.0 Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). | 9.8 |
| 2019-01-23 | CVE-2017-17836 | Credentials Management vulnerability in Apache Airflow In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. | 9.8 |
| 2019-01-07 | CVE-2018-11788 | XXE vulnerability in Apache Karaf Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. | 9.8 |
| 2018-12-31 | CVE-2018-17191 | Unspecified vulnerability in Apache Netbeans 9.0 Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). | 9.8 |
| 2018-11-19 | CVE-2018-17190 | Unspecified vulnerability in Apache Spark In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. | 9.8 |
| 2018-11-07 | CVE-2018-8021 | Deserialization of Untrusted Data vulnerability in Apache Superset Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. | 9.8 |
| 2018-10-24 | CVE-2018-11792 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. | 9.8 |
| 2018-09-17 | CVE-2018-11780 | Code Injection vulnerability in multiple products A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. | 9.8 |
| 2018-08-26 | CVE-2011-2767 | Code Injection vulnerability in multiple products mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | 9.8 |