Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-29 | CVE-2017-12626 | Infinite Loop vulnerability in Apache POI Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295). | 7.5 |
2018-01-23 | CVE-2017-12632 | Improper Input Validation vulnerability in Apache Nifi A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. | 7.5 |
2018-01-18 | CVE-2017-3158 | Race Condition vulnerability in Apache Guacamole A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. | 8.1 |
2018-01-10 | CVE-2017-9795 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. | 7.5 |
2018-01-10 | CVE-2017-12622 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges. | 7.1 |
2018-01-09 | CVE-2012-3353 | Information Exposure vulnerability in Apache Sling JCR Contentloader 2.1.4 The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. | 7.5 |
2017-12-18 | CVE-2017-15700 | Information Exposure vulnerability in Apache Sling Authentication Service 1.4.0 A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. | 8.8 |
2017-12-14 | CVE-2017-5663 | SQL Injection vulnerability in Apache Fineract 0.4.0Incubating/0.5.0Incubating/0.6.0Incubating In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. | 8.8 |
2017-12-01 | CVE-2017-15701 | Resource Exhaustion vulnerability in Apache Qpid Broker-J In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. | 7.5 |
2017-11-30 | CVE-2017-12631 | Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. | 8.8 |