Vulnerabilities > Apache > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-02 | CVE-2018-1295 | Deserialization of Untrusted Data vulnerability in Apache Ignite. In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when vulnerable third-party classes are present in the Ignite classpath. | 9.8 |
2018-03-26 | CVE-2018-1312 | Improper Authentication vulnerability in multiple products. In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. | 9.8 |
2018-03-01 | CVE-2017-12627 | NULL Pointer Dereference vulnerability in Apache Xerces-C++. In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | 9.8 |
2018-02-27 | CVE-2017-15692 | Deserialization of Untrusted Data vulnerability in Apache Geode. In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. | 9.8 |
2018-02-14 | CVE-2018-1287 | Unspecified vulnerability in Apache Jmeter. In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. | 9.8 |
2018-02-13 | CVE-2018-1297 | Cleartext Transmission of Sensitive Information vulnerability in Apache Jmeter. When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. | 9.8 |
2018-02-06 | CVE-2016-6813 | Unspecified vulnerability in Apache Cloudstack. Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. | 9.8 |
2018-01-24 | CVE-2017-15718 | Unspecified vulnerability in Apache Hadoop 2.7.3/2.7.4. The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications. | 9.8 |
2018-01-23 | CVE-2017-15697 | Improper Input Validation vulnerability in Apache Nifi. A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. | 9.8 |
2018-01-18 | CVE-2016-6814 | Deserialization of Untrusted Data vulnerability in multiple products. When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. | 9.8 |