Apache Software Foundation
352 tracked vulnerabilities.
CVE-2017-5647
HIGH
Apache Tomcat < 9.0.0.M19 - Information Disclosure
Apr 17, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-5649
HIGH
Apache Geode < 1.1.1 - Authenticated Sensitive Data Exposure via Pulse Data Browser
Apr 04, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-5642
CRITICAL
Apache Ambari 2.4.0-2.4.2 - Incorrect Default Permissions
Apr 03, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-5644
MEDIUM
Apache POI < 3.15 - Denial of Service via XML Entity Expansion
Mar 24, 2017
CVSS 5.5
EPSS 0.01
CVE-2017-5643
HIGH
Apache Camel < 2.16.0 - Server-Side Request Forgery via Remote DTDs
Mar 16, 2017
CVSS 7.4
EPSS 0.01
CVE-2017-5638
CRITICAL
KEV, NUCLEI
Apache Struts 2.3.x < 2.3.32 and 2.5.x < 2.5.10.1 - Remote Code Execution via Jakarta Multipart Parser
Mar 11, 2017
CVSS 9.8
EPSS 0.94
CVE-2017-3159
CRITICAL
Apache Camel < 2.14.4 - Deserialization of Untrusted Data via SnakeYAML
Mar 07, 2017
CVSS 9.8
EPSS 0.03
CVE-2016-6804
HIGH
Apache OpenOffice < 4.1.3 - DLL Hijacking via Installer
Nov 20, 2017
CVSS 7.8
EPSS 0.00
CVE-2016-6803
HIGH
Apache OpenOffice < 4.1.3 - Untrusted Search Path
Nov 13, 2017
CVSS 7.8
EPSS 0.00
CVE-2016-8748
MEDIUM
Apache NiFi < 1.0.1 and 1.1.x < 1.1.1 - Cross-Site Scripting in Connection Details Dialog
Oct 19, 2017
CVSS 5.4
EPSS 0.00
CVE-2016-8734
MEDIUM
Apache Subversion <1.8.16, <1.9.4 - DoS
Oct 16, 2017
CVSS 6.5
EPSS 0.13
CVE-2016-6815
MEDIUM
Apache Ranger < 0.6.2 - Unauthorized Password Change for Admin Users
Oct 13, 2017
CVSS 6.5
EPSS 0.00
CVE-2016-8736
CRITICAL
Apache OpenMeetings < 3.1.2 - Remote Code Execution via RMI Deserialization
Oct 12, 2017
CVSS 9.8
EPSS 0.06
CVE-2016-6806
HIGH
Apache Wicket 6.x < 6.25.0, 7.x < 7.5.0, 8.0.0-M1 - Cross-Site Request Forgery
Oct 03, 2017
CVSS 8.8
EPSS 0.00
CVE-2016-8738
MEDIUM
Apache Struts 2.5-2.5.5 - Denial of Service via URLValidator
Sep 20, 2017
CVSS 5.9
EPSS 0.01
CVE-2016-6795
CRITICAL
Apache Struts 2.3.x < 2.3.31 and 2.5.x < 2.5.5 - Remote Code Execution via Path Traversal
Sep 20, 2017
CVSS 9.8
EPSS 0.05
CVE-2016-8744
HIGH
Apache Brooklyn <0.10.0 - Code Injection
Sep 13, 2017
CVSS 8.8
EPSS 0.00
CVE-2016-8737
HIGH
Apache Brooklyn < 0.10.0 - Cross-Site Request Forgery
Sep 13, 2017
CVSS 8.8
EPSS 0.00
CVE-2016-3086
CRITICAL
Apache Hadoop 2.6.0-2.6.4 and 2.7.0-2.7.2 - Unauthorized Sensitive Information Exposure via YARN NodeManager
Sep 05, 2017
CVSS 9.8
EPSS 0.01
CVE-2016-5001
MEDIUM
Apache Hadoop < 2.6.4 and 2.7.0-2.7.1 - Unauthorized File Read via Short-Circuit Reads Token Guessing
Aug 30, 2017
CVSS 5.5
EPSS 0.00
CVE-2016-6800
MEDIUM
Apache OFBiz - Stored Cross-Site Scripting in Blog Article Summary and Content Fields
Aug 30, 2017
CVSS 6.1
EPSS 0.01
CVE-2016-4462
HIGH
Apache OFBiz - Authenticated Remote Code Execution via ExternalLoginKey Freemarker Injection
Aug 30, 2017
CVSS 8.8
EPSS 0.01
CVE-2016-8752
HIGH
Apache Atlas <0.8 - Info Disclosure
Aug 29, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-6796
HIGH
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Auth ...
Aug 11, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-8745
HIGH
Apache Tomcat <9.0.0.M14, 8.5.9, 8.0.40, 7.0.74, 6.0.49 - Info Disc...
Aug 10, 2017
CVSS 7.5
EPSS 0.11
Products
Apache Tomcat 42
Apache HTTP Server 23
Apache OFBiz 20
Apache Airflow 19
Apache OpenMeetings 15
Apache Camel 11
Apache Struts 11
Apache Thrift 11
Apache CXF 9
Apache ActiveMQ 8
Apache Atlas 8
Apache NiFi 8
Apache CloudStack 7
Apache ActiveMQ All 6
Apache Hadoop 6
Apache OpenOffice 6
Apache Wicket 6
Apache ActiveMQ Broker 5
Apache Ranger 5
Apache Ambari 4
Apache Log4j Core 4
Apache MINA 4
Apache OpenNLP 4
Apache Polaris 4
Apache Traffic Server 4
Apache APISIX 3
Apache Brooklyn 3
Apache CXF Fediz 3
Apache Cassandra 3
Apache DolphinScheduler 3