Vulnerabilities > Apache > Critical

DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | ATTACK COMPLEXITY | VENDOR | CWE | RISK | CVSS SCORE

2017-10-12 | CVE-2016-8736 | Deserialization of Untrusted Data vulnerability in Apache OpenMeetings | network | low complexity | apache | CWE-502 | critical | 9.8
    Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via an RMI deserialization attack.

2017-10-10 | CVE-2014-0030 | XXE vulnerability in Apache Roller | network | low complexity | apache | CWE-611 | critical | 9.8
    The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

2017-10-03 | CVE-2017-12620 | XXE vulnerability in Apache OpenNLP | network | low complexity | apache | CWE-611 | critical | 9.8
    When loading models or dictionaries that contain XML, it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources.

2017-09-28 | CVE-2017-12621 | XXE vulnerability in Apache Commons Jelly 1.0 | network | low complexity | apache | CWE-611 | critical | 9.8
    During Jelly (XML) file parsing with Apache Xerces, if a custom doctype entity is declared as a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, the parser will attempt to connect to that URL during parser instantiation.

2017-09-20 | CVE-2017-12611 | Improper Input Validation vulnerability in Apache Struts | network | low complexity | apache | CWE-20 | critical | 9.8
    In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to an RCE attack.

2017-09-20 | CVE-2016-6795 | Path Traversal vulnerability in Apache Struts | network | low complexity | apache | CWE-22 | critical | 9.8
    In the Convention plugin in Apache Struts 2.3.x before 2.3.31 and 2.5.x before 2.5.5, it is possible to prepare a special URL that will be used for path traversal and execution of arbitrary code on the server side.

2017-09-13 | CVE-2015-5206 | Unspecified vulnerability in Apache Traffic Server 5.3.0/5.3.1 | network | low complexity | apache | | critical | 9.8
    Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors; it is a different vulnerability than CVE-2015-5168.

2017-09-13 | CVE-2015-5168 | Unspecified vulnerability in Apache Traffic Server 5.3.0/5.3.1 | network | low complexity | apache | | critical | 9.8
    Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors; it is a different vulnerability than CVE-2015-5206.

2017-09-05 | CVE-2016-3086 | Information Exposure vulnerability in Apache Hadoop | network | low complexity | apache | CWE-200 | critical | 9.8
    The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for the credential store provider used by the NodeManager to YARN applications.

2017-08-22 | CVE-2016-4460 | Improper Authentication vulnerability in Apache Pony Mail 0.6C/0.7B/0.8B | network | low complexity | apache | CWE-287 | critical | 9.8
    Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.