Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-04-02 CVE-2018-1295 Deserialization of Untrusted Data vulnerability in Apache Ignite
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath.
network
low complexity
apache CWE-502
critical
9.8
2018-03-26 CVE-2018-1312 Improper Authentication vulnerability in multiple products
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed.
network
low complexity
apache canonical debian netapp redhat CWE-287
critical
9.8
2018-03-01 CVE-2017-12627 NULL Pointer Dereference vulnerability in Apache Xerces-C++
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
network
low complexity
apache CWE-476
critical
9.8
2018-02-27 CVE-2017-15692 Deserialization of Untrusted Data vulnerability in Apache Geode
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data.
network
low complexity
apache CWE-502
critical
9.8
2018-02-14 CVE-2018-1287 Unspecified vulnerability in Apache Jmeter
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host.
network
low complexity
apache
critical
9.8
2018-02-13 CVE-2018-1297 Cleartext Transmission of Sensitive Information vulnerability in Apache Jmeter
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection.
network
low complexity
apache CWE-319
critical
9.8
2018-02-06 CVE-2016-6813 Unspecified vulnerability in Apache Cloudstack
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API.
network
low complexity
apache
critical
9.8
2018-01-24 CVE-2017-15718 Unspecified vulnerability in Apache Hadoop 2.7.3/2.7.4
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
network
low complexity
apache
critical
9.8
2018-01-23 CVE-2017-15697 Improper Input Validation vulnerability in Apache Nifi
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution.
network
low complexity
apache CWE-20
critical
9.8
2018-01-18 CVE-2016-6814 Deserialization of Untrusted Data vulnerability in multiple products
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g.
network
low complexity
apache redhat CWE-502
critical
9.8