Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-7683 | Information Exposure vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | 7.5 |
| 2017-07-17 | CVE-2017-7682 | Unspecified vulnerability in Apache Openmeetings 3.2.0/3.2.1 Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas. | 8.2 |
| 2017-07-17 | CVE-2017-7681 | SQL Injection vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. | 8.8 |
| 2017-07-17 | CVE-2017-7680 | Unspecified vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. | 7.5 |
| 2017-07-17 | CVE-2017-7666 | Cross-site Scripting vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | 8.8 |
| 2017-07-17 | CVE-2015-0249 | Code Injection vulnerability in Apache Roller 5.1.0/5.1.1 The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL). | 7.2 |
| 2017-07-13 | CVE-2017-9789 | Use After Free vulnerability in Apache Http Server 2.4.26 When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. | 7.5 |
| 2017-07-13 | CVE-2017-9787 | Unspecified vulnerability in Apache Struts When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. | 7.5 |
| 2017-07-10 | CVE-2017-5652 | Cleartext Transmission of Sensitive Information vulnerability in Apache Impala 2.7.0/2.8.0 During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. | 7.5 |
| 2017-07-10 | CVE-2017-7670 | Resource Exhaustion vulnerability in Apache Traffic Control The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. | 7.5 |