Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-7688 | Unspecified vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 updates user password in insecure manner. | 7.5 |
| 2017-07-17 | CVE-2017-7684 | Resource Exhaustion vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. | 7.5 |
| 2017-07-17 | CVE-2017-7683 | Information Exposure vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | 7.5 |
| 2017-07-17 | CVE-2017-7682 | Unspecified vulnerability in Apache Openmeetings 3.2.0/3.2.1 Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas. | 8.2 |
| 2017-07-17 | CVE-2017-7681 | SQL Injection vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. | 8.8 |
| 2017-07-17 | CVE-2017-7680 | Unspecified vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. | 7.5 |
| 2017-07-17 | CVE-2017-7666 | Cross-site Scripting vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | 8.8 |
| 2017-07-17 | CVE-2015-0249 | Code Injection vulnerability in Apache Roller 5.1.0/5.1.1 The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL). | 7.2 |
| 2017-07-13 | CVE-2017-9789 | Use After Free vulnerability in Apache Http Server 2.4.26 When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. | 7.5 |
| 2017-07-13 | CVE-2017-9787 | Unspecified vulnerability in Apache Struts When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. | 7.5 |