Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2017-11-20 CVE-2017-12608 Out-of-bounds Write vulnerability in multiple products
A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
local
low complexity
apache debian CWE-787
7.8
2017-11-20 CVE-2017-12607 Out-of-bounds Write vulnerability in multiple products
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
local
low complexity
apache debian CWE-787
7.8
2017-11-20 CVE-2017-9806 Out-of-bounds Write vulnerability in Apache Openoffice
A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
local
low complexity
apache CWE-787
7.8
2017-11-20 CVE-2016-6804 Permissions, Privileges, and Access Controls vulnerability in Apache Openoffice
The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges.
local
low complexity
apache CWE-264
7.8
2017-11-14 CVE-2017-12636 OS Command Injection vulnerability in Apache Couchdb
CouchDB administrative users can configure the database server via HTTP(S).
network
low complexity
apache CWE-78
7.2
2017-11-13 CVE-2017-3166 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Hadoop
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.
local
low complexity
apache CWE-732
7.8
2017-11-13 CVE-2016-6803 Untrusted Search Path vulnerability in Apache Openoffice
An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows.
local
low complexity
apache CWE-426
7.8
2017-10-30 CVE-2014-0072 Improper Input Validation vulnerability in Apache Cordova and Cordova File Transfer
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.
network
low complexity
apache CWE-20
7.5
2017-10-30 CVE-2014-0115 Path Traversal vulnerability in Apache Storm 0.9.0.1
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a ..
network
low complexity
apache CWE-22
7.5
2017-10-30 CVE-2012-0881 Resource Management Errors vulnerability in Apache Xerces2 Java 2.10.0/2.11.0/2.9.1
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
network
low complexity
apache CWE-399
7.5