Apache Software Foundation
560 tracked vulnerabilities.
CVE-2019-17571
CRITICAL
Apache Log4j <= 1.2.17 - Deserialization of Untrusted Data via SocketServer
Dec 20, 2019
CVSS 9.8
EPSS 0.69
CVE-2017-12626
HIGH
Apache POI < 3.17 - Denial of Service via Crafted WMF EMF MSG Macro DOC PPT XLS Parsing
Jan 29, 2018
CVSS 7.5
EPSS 0.10
CVE-2017-5641
CRITICAL
Apache Flex BlazeDS < 4.7.3 - Deserialization of Untrusted Data via AMF(X) Object Deserialization
Dec 28, 2017
CVSS 9.8
EPSS 0.21
CVE-2017-15700
HIGH
Apache Sling Authentication Service 1.4.0 - Exposure of Sensitive Information via Login Form Redirect
Dec 18, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-12630
MEDIUM
Apache Drill < 1.11.0 - Stored Cross-Site Scripting via Query Page Form Submission
Dec 18, 2017
CVSS 5.4
EPSS 0.01
CVE-2017-5663
HIGH
Apache Fineract <=0.6.0-incubating Authenticated SQL Injection via sqlSearch
Dec 14, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-15708
CRITICAL
Apache Synapse < 3.0.1 - Unauthenticated Remote Code Execution via RMI Deserialization
Dec 11, 2017
CVSS 9.8
EPSS 0.18
CVE-2017-15707
MEDIUM
Apache Struts 2.5-2.5.14 - Denial of Service via Malicious JSON Payload
Dec 01, 2017
CVSS 6.2
EPSS 0.05
CVE-2017-15702
CRITICAL
Apache Qpid Broker-J 0.18-0.32 - Unauthenticated Authentication Provider Spoofing via HTTP Port
Dec 01, 2017
CVSS 9.8
EPSS 0.06
CVE-2017-15701
HIGH
Apache Qpid Broker-J 6.1.0-6.1.4 - Unauthenticated Denial of Service via AMQP 1.0 Frame Size Exhaustion
Dec 01, 2017
CVSS 7.5
EPSS 0.04
CVE-2017-12631
HIGH
Apache CXF Fediz < 1.3.3 and 1.4.x < 1.4.3 - Cross-Site Request Forgery
Nov 30, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-3157
MEDIUM
Apache OpenOffice < 4.1.4 - Unauthenticated Exposure of Sensitive Information via Embedded Object File Read
Nov 20, 2017
CVSS 5.5
EPSS 0.03
CVE-2017-12608
HIGH
Apache OpenOffice < 4.1.4 - Memory Corruption and Remote Code Execution via DOC File Parser
Nov 20, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-12607
HIGH
Apache OpenOffice < 4.1.4 - Out-of-bounds Write in PPT File Parser
Nov 20, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-9806
HIGH
OpenOffice Writer <4.1.4 - Memory Corruption
Nov 20, 2017
CVSS 7.8
EPSS 0.02
CVE-2017-12634
CRITICAL
Apache Camel 2.0.0-2.19.3, 2.20.0 - Deserialization of Untrusted Data in camel-castor
Nov 15, 2017
CVSS 9.8
EPSS 0.07
CVE-2017-12633
CRITICAL
Apache Camel 2.0.0-2.19.3 and 2.20.0 - Deserialization of Untrusted Data in camel-hessian
Nov 15, 2017
CVSS 9.8
EPSS 0.07
CVE-2017-12636
HIGH
Apache CouchDB < 1.7.0 and 2.x < 2.1.1 - Authenticated OS Command Injection via Configuration Options
Nov 14, 2017
CVSS 7.2
EPSS 0.91
CVE-2017-12635
CRITICAL
NUCLEI
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Nov 14, 2017
CVSS 9.8
EPSS 1.00
CVE-2017-12624
MEDIUM
Apache CXF 3.0.0-3.0.15, 3.1.0-3.1.13, 3.2.0 - Denial of Service via Large Message Attachment Header
Nov 14, 2017
CVSS 5.5
EPSS 0.04
CVE-2017-3166
HIGH
Apache Hadoop 2.6.1-2.6.5, 2.7.0-2.7.3, 3.0.0-alpha1-3.0.0-alpha3 - Sensitive File Exposure via YARN
Nov 13, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-12625
MEDIUM
Apache Hive <2.1.2, <2.2.1, <2.3.1 - Sensitive Information Exposure via Masking Bypass
Nov 01, 2017
CVSS 4.3
EPSS 0.01
CVE-2017-12618
MEDIUM
Apache Portable Runtime Utility <= 1.6.0 - Out-of-bounds Read via SDBM Database File
Oct 24, 2017
CVSS 4.7
EPSS 0.01
CVE-2017-12613
HIGH
Apache Portable Runtime < 1.7.0 - Out-of-bounds Read via Invalid Month Field
Oct 24, 2017
CVSS 7.1
EPSS 0.02
CVE-2017-12628
HIGH
Apache James < 3.0.1 - Deserialization of Untrusted Data via JMX Server
Oct 20, 2017
CVSS 7.8
EPSS 0.01
Products
Apache Tomcat 52
Apache Airflow 42
Apache HTTP Server 36
Apache Camel 33
Apache ActiveMQ 23
Apache OFBiz 22
Apache CXF 20
Apache ActiveMQ All 17
Apache APISIX 15
Apache OpenMeetings 15
Apache ActiveMQ Broker 13
Apache IoTDB 12
Apache NiFi 12
Apache Struts 12
Apache Thrift 11
Apache Atlas 9
Apache DolphinScheduler 8
Apache Answer 7
Apache CloudStack 7
Apache Hadoop 6
Apache OpenOffice 6
Apache Shiro 6
Apache Wicket 6
Apache Kvrocks 5
Apache MINA 5
Apache Ranger 5
Apache ActiveMQ Client 4
Apache Ambari 4
Apache Gravitino 4
Apache Log4j 1.x 4
Quick Filters