Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2014-3600 | XXE vulnerability in Apache Activemq XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. | 9.8 |
| 2017-10-27 | CVE-2014-3579 | XXE vulnerability in Apache Activemq Apollo XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. | 9.8 |
| 2017-10-27 | CVE-2016-5003 | Deserialization of Untrusted Data vulnerability in Apache Ws-Xmlrpc 3.1.3 The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element. | 9.8 |
| 2017-10-26 | CVE-2012-1622 | Unspecified vulnerability in Apache Ofbiz 10.04 Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2017-10-19 | CVE-2017-5636 | Injection vulnerability in Apache Nifi In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node. | 9.8 |
| 2017-10-14 | CVE-2017-12629 | XXE vulnerability in multiple products Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. | 9.8 |
| 2017-10-12 | CVE-2016-8736 | Deserialization of Untrusted Data vulnerability in Apache Openmeetings Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack. | 9.8 |
| 2017-10-10 | CVE-2014-0030 | XXE vulnerability in Apache Roller The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | 9.8 |
| 2017-10-03 | CVE-2017-12620 | XXE vulnerability in Apache Opennlp When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. | 9.8 |
| 2017-09-28 | CVE-2017-12621 | XXE vulnerability in Apache Commons Jelly 1.0 During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. | 9.8 |