Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-18 | CVE-2018-1333 | Resource Exhaustion vulnerability in multiple products By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. | 7.5 |
| 2018-06-13 | CVE-2017-15695 | Incorrect Authorization vulnerability in Apache Geode When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. | 8.8 |
| 2018-05-23 | CVE-2018-1310 | Deserialization of Untrusted Data vulnerability in Apache Nifi Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. | 7.5 |
| 2018-05-21 | CVE-2018-8012 | Missing Authorization vulnerability in multiple products No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. | 7.5 |
| 2018-05-18 | CVE-2018-8015 | Uncontrolled Recursion vulnerability in Apache ORC In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. | 7.5 |
| 2018-05-01 | CVE-2018-10583 | Information Exposure vulnerability in multiple products An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. | 7.5 |
| 2018-04-25 | CVE-2018-1335 | Unspecified vulnerability in Apache Tika From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. | 8.1 |
| 2018-04-20 | CVE-2018-1292 | SQL Injection vulnerability in Apache Fineract Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter. | 8.1 |
| 2018-04-20 | CVE-2018-1291 | SQL Injection vulnerability in Apache Fineract Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. | 8.1 |
| 2018-04-20 | CVE-2018-1289 | SQL Injection vulnerability in Apache Fineract In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. | 8.8 |