Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-16 | CVE-2018-8014 | Insecure Default Initialization of Resource vulnerability in multiple products The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. | 9.8 |
| 2018-04-20 | CVE-2018-1290 | SQL Injection vulnerability in Apache Fineract In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. | 9.8 |
| 2018-04-11 | CVE-2018-1273 | Injection vulnerability in multiple products Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. | 9.8 |
| 2018-04-05 | CVE-2018-1282 | SQL Injection vulnerability in Apache Hive This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation. | 9.1 |
| 2018-04-02 | CVE-2018-1295 | Deserialization of Untrusted Data vulnerability in Apache Ignite In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. | 9.8 |
| 2018-03-26 | CVE-2018-1312 | Improper Authentication vulnerability in multiple products In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. | 9.8 |
| 2018-03-01 | CVE-2017-12627 | NULL Pointer Dereference vulnerability in Apache Xerces-C++ In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | 9.8 |
| 2018-02-27 | CVE-2017-15692 | Deserialization of Untrusted Data vulnerability in Apache Geode In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. | 9.8 |
| 2018-02-14 | CVE-2018-1287 | Unspecified vulnerability in Apache Jmeter In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. | 9.8 |
| 2018-02-13 | CVE-2018-1297 | Cleartext Transmission of Sensitive Information vulnerability in Apache Jmeter When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. | 9.8 |