Vulnerabilities > Apache > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2018-02-27 | CVE-2017-15693 | Deserialization of Untrusted Data vulnerability in Apache Geode | In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. | network | high complexity | apache CWE-502 | 7.5 |
| 2018-02-26 | CVE-2017-15696 | Information Exposure vulnerability in Apache Geode | When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. | network | low complexity | apache CWE-200 | 7.5 |
| 2018-02-21 | CVE-2013-0267 | Improper Input Validation vulnerability in Apache VCL | The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation. | network | low complexity | apache CWE-20 | 8.8 |
| 2018-02-12 | CVE-2016-8742 | Permissions, Privileges, and Access Controls vulnerability in Apache CouchDB 2.0.0 | The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. | local | low complexity | apache CWE-264 | 7.8 |
| 2018-02-12 | CVE-2016-5397 | Command Injection vulnerability in Apache Thrift | The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. | network | low complexity | apache CWE-77 | 8.8 |
| 2018-02-09 | CVE-2018-1307 | XXE vulnerability in Apache jUDDI | In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediate the data structures into UDDI data structures, there are few protections present against entity expansion and DTD type of attacks. | network | high complexity | apache CWE-611 | 8.1 |
| 2018-02-06 | CVE-2018-1299 | Path Traversal vulnerability in Apache Allura | In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. | network | low complexity | apache CWE-22 | 7.5 |
| 2018-02-01 | CVE-2017-3160 | Unspecified vulnerability in Apache Cordova | After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. | network | high complexity | apache | 7.4 |
| 2018-01-29 | CVE-2017-12626 | Infinite Loop vulnerability in Apache POI | Apache POI in versions prior to release 3.17 is vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295). | network | low complexity | apache CWE-835 | 7.5 |
| 2018-01-23 | CVE-2017-12632 | Improper Input Validation vulnerability in Apache NiFi | A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. | network | low complexity | apache CWE-20 | 7.5 |