Apache Software Foundation

560 tracked vulnerabilities.

CVE-2017-5636 CRITICAL
Apache NiFi < 0.7.2 and 1.x < 1.1.2 - Permission Impersonation via Crafted Username
Oct 19, 2017
CVSS 9.8
EPSS 0.04
CVE-2017-5635 HIGH
Apache NiFi < 0.7.2 and 1.x < 1.1.2 - Improper Authentication in Cluster Request Replication
Oct 19, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-12623 MEDIUM
Apache NiFi 1.0.0-1.3.0 - Authenticated XML External Entity Injection via Template Upload
Oct 10, 2017
CVSS 6.5
EPSS 0.02
CVE-2017-5637 HIGH
Apache ZooKeeper 3.4.0-3.4.9 and 3.5.0-3.5.2 - Unauthenticated Denial of Service via wchp/wchc Commands
Oct 10, 2017
CVSS 7.5
EPSS 0.74
CVE-2017-9792 MEDIUM
Apache Impala <2.10.0 - Privilege Escalation
Oct 04, 2017
CVSS 6.5
EPSS 0.02
CVE-2017-12617 HIGH KEVNUCLEI
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
Oct 04, 2017
CVSS 8.1
EPSS 1.00
CVE-2017-9797 MEDIUM
Apache Geode <v1.2.1 - Info Disclosure/DoS
Oct 03, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-12620 CRITICAL
Apache OpenNLP 1.5.0-1.5.3 1.6.0 1.7.0-1.7.2 1.8.0-1.8.1 - XML External Entity Injection
Oct 03, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-9794 MEDIUM
Apache Geode <1.2.1 - Info Disclosure
Sep 30, 2017
CVSS 4.3
EPSS 0.01
CVE-2017-9790 HIGH
Apache Mesos <1.1.3, 1.2.x <1.2.2, 1.3.x <1.3.1, 1.4.0-dev - DoS
Sep 29, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-7687 HIGH
Apache Mesos <1.1.3-1.4.0-dev - DoS
Sep 29, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-12621 CRITICAL
Apache Commons Jelly < 1.0.1 - XML External Entity Injection via Custom Doctype Entity
Sep 28, 2017
CVSS 9.8
EPSS 0.09
CVE-2017-9804 HIGH
Apache Struts 2.3.7-2.3.33, 2.5-2.5.12 - DoS
Sep 20, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-9793 HIGH
Apache Struts 2.1.x 2.3.7-2.3.33 2.5-2.5.12 - Denial of Service via Malicious XML Payload
Sep 20, 2017
CVSS 7.5
EPSS 0.09
CVE-2017-12611 CRITICAL NUCLEI
Apache Struts 2.0.0-2.3.33 and 2.5-2.5.10.1 - Remote Code Execution via Freemarker Tag Expression
Sep 20, 2017
CVSS 9.8
EPSS 0.88
CVE-2017-12616 HIGH
Apache Tomcat 7.0.0-7.0.80 - Exposure of Sensitive Information via VirtualDirContext
Sep 19, 2017
CVSS 7.5
EPSS 0.71
CVE-2017-12615 HIGH KEVNUCLEI
Apache Tomcat 7.0.0-7.0.79 - Unauthenticated Remote Code Execution via JSP Upload
Sep 19, 2017
CVSS 8.1
EPSS 1.00
CVE-2017-9803 HIGH
Apache Solr 6.2.0-6.6.0 - Privilege Escalation via Kerberos Delegation Token Configuration
Sep 18, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-9798 HIGH
Apache httpd <2.4.28 - Use After Free
Sep 18, 2017
CVSS 7.5
EPSS 0.95
CVE-2017-9805 HIGH KEVNUCLEI
Apache Struts 2 REST Plugin XStream RCE
Sep 15, 2017
CVSS 8.1
EPSS 0.99
CVE-2017-3165 MEDIUM
Apache Brooklyn < 0.10.0 - Authenticated Stored Cross-Site Scripting
Sep 13, 2017
CVSS 5.4
EPSS 0.02
CVE-2017-3163 HIGH
Apache Solr < 5.5.4 and 6.0.0-6.4.0 - Path Traversal via Index Replication File Name
Aug 30, 2017
CVSS 7.5
EPSS 0.07
CVE-2017-3155 MEDIUM
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - Cross-Site Scripting
Aug 29, 2017
CVSS 6.1
EPSS 0.02
CVE-2017-3154 HIGH
Apache Atlas 0.6.0-incubating 0.7.0-incubating - Exposure of Sensitive Information via Error Stack Trace
Aug 29, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-3153 MEDIUM
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - Reflected Cross-Site Scripting in Search Functionality
Aug 29, 2017
CVSS 6.1
EPSS 0.02