Apache: Critical Vulnerabilities

DATE CVE VULNERABILITY TITLE
Each entry gives the description, then: attack vector | attack complexity | vendors | CWE | risk | CVSS base score
2017-04-17 CVE-2017-5645 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
network | low complexity | apache, netapp, redhat, oracle | CWE-502 | critical | CVSS 9.8
2017-04-17 CVE-2017-5651 Unspecified vulnerability in Apache Tomcat
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which, in turn, could lead to unexpected errors and/or response mix-up.
network | low complexity | apache | critical | CVSS 9.8
2017-04-17 CVE-2017-5648 Exposure of Resource to Wrong Sphere vulnerability in Apache Tomcat
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
network | low complexity | apache | CWE-668 | critical | CVSS 9.1
2017-04-12 CVE-2016-6808 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Tomcat JK Connector
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.
network | low complexity | apache | CWE-119 | critical | CVSS 9.8
2017-04-11 CVE-2016-0779 Deserialization of Untrusted Data vulnerability in Apache Tomee
The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.
network | low complexity | apache | CWE-502 | critical | CVSS 9.8
2017-04-06 CVE-2016-8735 Remote Code Execution vulnerability in Apache Tomcat
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The listener had not been updated to take account of Oracle's fix for CVE-2016-3427, so Tomcat installations using it remained exposed to the same kind of remote code execution through deserialization over the JMX/RMI endpoint.
network | low complexity | apache, canonical, netapp, debian, redhat, oracle | critical | CVSS 9.8
2017-04-06 CVE-2016-6809 Deserialization of Untrusted Data vulnerability in Apache Nutch and Tika
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
network | low complexity | apache | CWE-502 | critical | CVSS 9.8
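The three CWE-502 entries above (the Log4j socket servers, TomEE's EjbObjectInputStream, and Tika's handling of serialized objects inside MATLAB files) share one root cause: bytes from an untrusted source are handed to Java deserialization. The following is an added example, not code from this page or from any of those projects: a Python pre-filter that recognises a Java serialization stream by its 0xACED0005 header wherever it sits in a blob (which covers the embedded-in-another-file case), pulls the class names out of TC_CLASSDESC records, and rejects anything not on an allowlist. The allowlist contents and the sample payloads are constructed for illustration; the gadget sample only borrows two class names from a well-known Commons Collections chain and is not a working exploit. It is a heuristic scanner rather than a parser of the full stream grammar, so it belongs in front of, not instead of, an allowlisting ObjectInputFilter or resolveClass override in the receiving JVM, and it does not replace upgrading to the fixed versions.

```python
"""Added example: pre-filter for Java serialization payloads.

Detects a Java serialization stream anywhere in a blob and lists the class
names spelled out in its class descriptors, so a receiver can refuse a
payload before ObjectInputStream ever sees it.  Sample payloads below are
constructed by hand; they are not captured traffic.
"""
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"      # STREAM_MAGIC 0xACED + STREAM_VERSION 5
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72
TC_ENDBLOCKDATA, TC_NULL = 0x78, 0x70
SC_SERIALIZABLE = 0x02

# Java binary class name: dotted identifiers, or an array descriptor such as
# "[B" or "[Ljava.lang.String;".
_CLASS_NAME_RE = re.compile(
    rb"^(?:\[+(?:[BCDFIJSZ]|L[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*;)"
    rb"|[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*)$"
)


def find_stream_offsets(blob: bytes) -> list[int]:
    """Offsets of every serialization header in the blob.  The stream may be
    embedded inside another format, as with serialized objects in MATLAB files."""
    return [m.start() for m in re.finditer(re.escape(STREAM_MAGIC), blob)]


def extract_class_names(blob: bytes, start: int = 0) -> list[str]:
    """Class names from TC_CLASSDESC records at or after `start`.

    A TC_CLASSDESC is 0x72, a 2-byte big-endian length, the class name in
    modified UTF-8, then an 8-byte serialVersionUID.  This is a scanner, not a
    grammar-aware parser: it does not follow TC_REFERENCE back-references and
    can in principle match junk bytes that happen to look like a name.
    """
    names: list[str] = []
    i = start
    while (i := blob.find(bytes([TC_CLASSDESC]), i)) != -1:
        if i + 3 > len(blob):
            break
        (length,) = struct.unpack_from(">H", blob, i + 1)
        name = blob[i + 3:i + 3 + length]
        if (length and len(name) == length and _CLASS_NAME_RE.match(name)
                and len(blob) >= i + 3 + length + 8):
            names.append(name.decode("ascii"))
            i += 3 + length + 8          # skip the name and the serialVersionUID
        else:
            i += 1
    return names


def check_payload(blob: bytes, allowlist: frozenset) -> tuple[bool, list[str]]:
    """Return (accepted, disallowed_classes).  Input without a serialization
    header passes through; a stream is accepted only if every class it names
    is on the allowlist."""
    disallowed: set[str] = set()
    for offset in find_stream_offsets(blob):
        disallowed.update(n for n in extract_class_names(blob, offset) if n not in allowlist)
    return not disallowed, sorted(disallowed)


# --- constructed sample streams (illustrative, not captured traffic) ---------
def _class_desc(name: str, suid: int) -> bytes:
    """Minimal TC_CLASSDESC: name, serialVersionUID, flags, zero fields, empty
    class annotation.  The superclass descriptor (or TC_NULL) follows it."""
    raw = name.encode("ascii")
    return (bytes([TC_CLASSDESC]) + struct.pack(">H", len(raw)) + raw
            + struct.pack(">Q", suid) + bytes([SC_SERIALIZABLE])
            + struct.pack(">H", 0) + bytes([TC_ENDBLOCKDATA]))


def _object_stream(class_chain: list) -> bytes:
    """One TC_OBJECT whose descriptor chain runs subclass -> superclass and ends
    with TC_NULL; no field values follow because no fields are declared."""
    descs = b"".join(_class_desc(name, suid) for name, suid in class_chain)
    return STREAM_MAGIC + bytes([TC_OBJECT]) + descs + bytes([TC_NULL])


# Illustrative allowlist for a log-receiving socket server (assumption: the
# real set depends on what the receiver legitimately expects).
ALLOWED_LOG_CLASSES = frozenset({
    "org.apache.logging.log4j.core.impl.Log4jLogEvent",
    "java.lang.String",
})

BENIGN_EVENT = _object_stream([("org.apache.logging.log4j.core.impl.Log4jLogEvent", 0x1234)])
# Borrows two class names from a well-known Commons Collections gadget chain;
# the stream itself is a structural stand-in, not a working exploit.
GADGET_PAYLOAD = _object_stream([
    ("sun.reflect.annotation.AnnotationInvocationHandler", 0x55CA),
    ("org.apache.commons.collections.map.LazyMap", 0x7F),
])
# Stream placed after 128 bytes of unrelated data, standing in for a serialized
# object carried inside another file format.
EMBEDDED_PAYLOAD = b"constructed container header".ljust(128, b"\x00") + GADGET_PAYLOAD

if __name__ == "__main__":
    for label, blob in [("text", b"plain log line\n"), ("benign", BENIGN_EVENT),
                        ("gadget", GADGET_PAYLOAD), ("embedded", EMBEDDED_PAYLOAD)]:
        print(label, check_payload(blob, ALLOWED_LOG_CLASSES))
```

In a receiver, run check_payload on each frame before it reaches the deserializer and drop (and log) anything rejected; a stream whose class descriptors are all back-references or otherwise not spelled out is accepted by this scanner, which is why the JVM-side allowlist remains the control that actually enforces the policy.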
2017-04-03 CVE-2017-5642 Incorrect Default Permissions vulnerability in Apache Ambari 2.4.0/2.4.1/2.4.2
During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.
network | low complexity | apache | CWE-276 | critical | CVSS 9.8
2017-03-29 CVE-2014-3582 Code Injection vulnerability in Apache Ambari
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.
network | low complexity | apache | CWE-94 | critical | CVSS 9.8
2017-03-28 CVE-2016-6807 Improper Access Control vulnerability in Apache Ambari 2.4.0/2.4.1
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system.
network | low complexity | apache | CWE-284 | critical | CVSS 9.8
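Matching a deployed version against the ranges in this list is error-prone because Tomcat and TomEE ship pre-release versions whose tags sort before the release they precede: 9.0.0.M18 is older than 9.0.0, and 8.0.0.RC1 is older than 8.0.0, which a plain string or tuple comparison gets wrong. The following is an added example (not tooling from this page or from the Apache projects): a Python version-key function that handles those tags, plus a table of the affected ranges transcribed from the entries above, so a version string can be checked against every advisory on this page at once. The pre-release rank order (alpha < beta < M < RC < release) is a convention chosen for this example.

```python
"""Added example: check a version string against the affected ranges on this page.

Pre-release tags sort below the release they precede (9.0.0.M18 < 9.0.0,
8.0.0.RC1 < 8.0.0), which is exactly what a plain string or tuple compare
gets wrong.  The range table is transcribed from the entries above.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Rank order is a convention chosen for this example; unknown tags rank lowest.
_TAG_RANK = {"ALPHA": 0, "BETA": 1, "M": 2, "RC": 3}
_RELEASE_RANK = 4
_TAG_RE = re.compile(r"^([A-Za-z]+)(\d*)$")


def version_key(version: str) -> tuple:
    """Sortable key: (numeric components, (tag rank, tag number))."""
    tokens = re.split(r"[.\-]", version.strip())
    numerics, tag = [], None
    for idx, tok in enumerate(tokens):
        if tok.isdigit():
            numerics.append(int(tok))
            continue
        m = _TAG_RE.match(tok)
        if m is None or idx != len(tokens) - 1 or not numerics:
            raise ValueError(f"unparseable version: {version!r}")
        tag = (_TAG_RANK.get(m.group(1).upper(), 0), int(m.group(2) or 0))
    return tuple(numerics), tag if tag is not None else (_RELEASE_RANK, 0)


@dataclass(frozen=True)
class AffectedRange:
    """One range as an advisory phrases it: 'before hi', 'lo to hi' (both
    inclusive), or 'series.x before hi'."""
    hi: str
    inclusive: bool = False          # True for "lo to hi", False for "before hi"
    lo: Optional[str] = None         # inclusive lower bound
    series: Optional[str] = None     # "8.5" for "8.5.x before ..."

    def contains(self, version: str) -> bool:
        k = version_key(version)
        if self.series is not None:
            prefix = version_key(self.series)[0]
            if k[0][:len(prefix)] != prefix:
                return False
        if self.lo is not None and k < version_key(self.lo):
            return False
        hk = version_key(self.hi)
        return k < hk or (self.inclusive and k == hk)


R = AffectedRange
# Affected ranges as stated in the entries on this page.
AFFECTED = {
    "log4j": {"CVE-2017-5645": [R("2.8.2", series="2")]},
    "tomcat": {
        "CVE-2017-5651": [R("9.0.0.M18", True, "9.0.0.M1"), R("8.5.12", True, "8.5.0")],
        "CVE-2017-5648": [R("9.0.0.M17", True, "9.0.0.M1"), R("8.5.11", True, "8.5.0"),
                          R("8.0.41", True, "8.0.0.RC1"), R("7.0.75", True, "7.0.0")],
        "CVE-2016-8735": [R("6.0.48"), R("7.0.73", series="7"), R("8.0.39", series="8"),
                          R("8.5.7", series="8.5"), R("9.0.0.M12", series="9")],
    },
    "mod_jk": {"CVE-2016-6808": [R("1.2.42")]},
    "tomee": {"CVE-2016-0779": [R("1.7.4"), R("7.0.0-M3", series="7")]},
    "tika": {"CVE-2016-6809": [R("1.14")]},
    "ambari": {
        "CVE-2017-5642": [R("2.4.2", True, "2.4.0")],
        "CVE-2014-3582": [R("2.2.2", True, "1.2.0")],
        "CVE-2016-6807": [R("2.4.2", False, "2.4.0")],
    },
}


def affected_by(product: str, version: str) -> list[str]:
    """CVE IDs from this listing whose affected ranges include `version`."""
    return sorted(cve for cve, ranges in AFFECTED.get(product, {}).items()
                  if any(r.contains(version) for r in ranges))


if __name__ == "__main__":
    for product, version in [("tomcat", "9.0.0.M18"), ("tomcat", "9.0.0"),
                             ("tomcat", "8.0.0.RC1"), ("tomee", "7.0.0-M2"),
                             ("ambari", "2.4.1")]:
        print(product, version, affected_by(product, version) or "not affected")
```

The series field is what keeps "8.x before 8.0.39" from matching 8.5.x or 9.x builds, and the tag rank is what keeps 9.0.0 (GA) out of "9.0.0.M1 to 9.0.0.M18"; both are the cases a hand-written `<=` on split version strings tends to get wrong.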