Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-09 | CVE-2012-3353 | Information Exposure vulnerability in Apache Sling JCR Contentloader 2.1.4 The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. | 7.5 |
| 2017-12-18 | CVE-2017-15700 | Information Exposure vulnerability in Apache Sling Authentication Service 1.4.0 A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. | 8.8 |
| 2017-12-14 | CVE-2017-5663 | SQL Injection vulnerability in Apache Fineract 0.4.0Incubating/0.5.0Incubating/0.6.0Incubating In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. | 8.8 |
| 2017-12-01 | CVE-2017-15701 | Resource Exhaustion vulnerability in Apache Qpid Broker-J In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. | 7.5 |
| 2017-11-30 | CVE-2017-12631 | Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. | 8.8 |
| 2017-11-20 | CVE-2017-12608 | Out-of-bounds Write vulnerability in multiple products A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. | 7.8 |
| 2017-11-20 | CVE-2017-12607 | Out-of-bounds Write vulnerability in multiple products A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. | 7.8 |
| 2017-11-20 | CVE-2017-9806 | Out-of-bounds Write vulnerability in Apache Openoffice A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. | 7.8 |
| 2017-11-20 | CVE-2016-6804 | Permissions, Privileges, and Access Controls vulnerability in Apache Openoffice The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. | 7.8 |
| 2017-11-14 | CVE-2017-12636 | OS Command Injection vulnerability in Apache Couchdb CouchDB administrative users can configure the database server via HTTP(S). | 7.2 |