Apache Software Foundation

560 tracked vulnerabilities.

CVE-2019-17571 CRITICAL
Apache Log4j <= 1.2.17 - Deserialization of Untrusted Data via SocketServer
Dec 20, 2019
CVSS 9.8
EPSS 0.69
CVE-2017-12626 HIGH
Apache POI < 3.17 - Denial of Service via Crafted WMF EMF MSG Macro DOC PPT XLS Parsing
Jan 29, 2018
CVSS 7.5
EPSS 0.10
CVE-2017-5641 CRITICAL
Apache Flex BlazeDS < 4.7.3 - Deserialization of Untrusted Data via AMF(X) Object Deserialization
Dec 28, 2017
CVSS 9.8
EPSS 0.21
CVE-2017-15700 HIGH
Apache Sling Authentication Service 1.4.0 - Exposure of Sensitive Information via Login Form Redirect
Dec 18, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-12630 MEDIUM
Apache Drill < 1.11.0 - Stored Cross-Site Scripting via Query Page Form Submission
Dec 18, 2017
CVSS 5.4
EPSS 0.01
CVE-2017-5663 HIGH
Apache Fineract <=0.6.0-incubating Authenticated SQL Injection via sqlSearch
Dec 14, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-15708 CRITICAL
Apache Synapse < 3.0.1 - Unauthenticated Remote Code Execution via RMI Deserialization
Dec 11, 2017
CVSS 9.8
EPSS 0.18
CVE-2017-15707 MEDIUM
Apache Struts 2.5-2.5.14 - Denial of Service via Malicious JSON Payload
Dec 01, 2017
CVSS 6.2
EPSS 0.05
CVE-2017-15702 CRITICAL
Apache Qpid Broker-J 0.18-0.32 - Unauthenticated Authentication Provider Spoofing via HTTP Port
Dec 01, 2017
CVSS 9.8
EPSS 0.06
CVE-2017-15701 HIGH
Apache Qpid Broker-J 6.1.0-6.1.4 - Unauthenticated Denial of Service via AMQP 1.0 Frame Size Exhaustion
Dec 01, 2017
CVSS 7.5
EPSS 0.04
CVE-2017-12631 HIGH
Apache CXF Fediz < 1.3.3 and 1.4.x < 1.4.3 - Cross-Site Request Forgery
Nov 30, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-3157 MEDIUM
Apache OpenOffice < 4.1.4 - Unauthenticated Exposure of Sensitive Information via Embedded Object File Read
Nov 20, 2017
CVSS 5.5
EPSS 0.03
CVE-2017-12608 HIGH
Apache OpenOffice < 4.1.4 - Memory Corruption and Remote Code Execution via DOC File Parser
Nov 20, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-12607 HIGH
Apache OpenOffice < 4.1.4 - Out-of-bounds Write in PPT File Parser
Nov 20, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-9806 HIGH
OpenOffice Writer <4.1.4 - Memory Corruption
Nov 20, 2017
CVSS 7.8
EPSS 0.02
CVE-2017-12634 CRITICAL
Apache Camel 2.0.0-2.19.3, 2.20.0 - Deserialization of Untrusted Data in camel-castor
Nov 15, 2017
CVSS 9.8
EPSS 0.07
CVE-2017-12633 CRITICAL
Apache Camel 2.0.0-2.19.3 and 2.20.0 - Deserialization of Untrusted Data in camel-hessian
Nov 15, 2017
CVSS 9.8
EPSS 0.07
CVE-2017-12636 HIGH
Apache CouchDB < 1.7.0 and 2.x < 2.1.1 - Authenticated OS Command Injection via Configuration Options
Nov 14, 2017
CVSS 7.2
EPSS 0.91
CVE-2017-12635 CRITICAL NUCLEI
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Nov 14, 2017
CVSS 9.8
EPSS 1.00
CVE-2017-12624 MEDIUM
Apache CXF 3.0.0-3.0.15, 3.1.0-3.1.13, 3.2.0 - Denial of Service via Large Message Attachment Header
Nov 14, 2017
CVSS 5.5
EPSS 0.04
CVE-2017-3166 HIGH
Apache Hadoop 2.6.1-2.6.5, 2.7.0-2.7.3, 3.0.0-alpha1-3.0.0-alpha3 - Sensitive File Exposure via YARN
Nov 13, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-12625 MEDIUM
Apache Hive <2.1.2, <2.2.1, <2.3.1 - Sensitive Information Exposure via Masking Bypass
Nov 01, 2017
CVSS 4.3
EPSS 0.01
CVE-2017-12618 MEDIUM
Apache Portable Runtime Utility <= 1.6.0 - Out-of-bounds Read via SDBM Database File
Oct 24, 2017
CVSS 4.7
EPSS 0.01
CVE-2017-12613 HIGH
Apache Portable Runtime < 1.7.0 - Out-of-bounds Read via Invalid Month Field
Oct 24, 2017
CVSS 7.1
EPSS 0.02
CVE-2017-12628 HIGH
Apache James < 3.0.1 - Deserialization of Untrusted Data via JMX Server
Oct 20, 2017
CVSS 7.8
EPSS 0.01