Apache Software Foundation
560 tracked vulnerabilities.
CVE-2017-5636
CRITICAL
Apache NiFi < 0.7.2 and 1.x < 1.1.2 - Permission Impersonation via Crafted Username
Oct 19, 2017
CVSS 9.8
EPSS 0.04
CVE-2017-5635
HIGH
Apache NiFi < 0.7.2 and 1.x < 1.1.2 - Improper Authentication in Cluster Request Replication
Oct 19, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-12623
MEDIUM
Apache NiFi 1.0.0-1.3.0 - Authenticated XML External Entity Injection via Template Upload
Oct 10, 2017
CVSS 6.5
EPSS 0.02
CVE-2017-5637
HIGH
Apache ZooKeeper 3.4.0-3.4.9 and 3.5.0-3.5.2 - Unauthenticated Denial of Service via wchp/wchc Commands
Oct 10, 2017
CVSS 7.5
EPSS 0.74
CVE-2017-9792
MEDIUM
Apache Impala <2.10.0 - Privilege Escalation
Oct 04, 2017
CVSS 6.5
EPSS 0.02
CVE-2017-12617
HIGH
KEVNUCLEI
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
Oct 04, 2017
CVSS 8.1
EPSS 1.00
CVE-2017-9797
MEDIUM
Apache Geode <v1.2.1 - Info Disclosure/DoS
Oct 03, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-12620
CRITICAL
Apache OpenNLP 1.5.0-1.5.3 1.6.0 1.7.0-1.7.2 1.8.0-1.8.1 - XML External Entity Injection
Oct 03, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-9794
MEDIUM
Apache Geode <1.2.1 - Info Disclosure
Sep 30, 2017
CVSS 4.3
EPSS 0.01
CVE-2017-9790
HIGH
Apache Mesos <1.1.3, 1.2.x <1.2.2, 1.3.x <1.3.1, 1.4.0-dev - DoS
Sep 29, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-7687
HIGH
Apache Mesos <1.1.3-1.4.0-dev - DoS
Sep 29, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-12621
CRITICAL
Apache Commons Jelly < 1.0.1 - XML External Entity Injection via Custom Doctype Entity
Sep 28, 2017
CVSS 9.8
EPSS 0.09
CVE-2017-9804
HIGH
Apache Struts 2.3.7-2.3.33, 2.5-2.5.12 - DoS
Sep 20, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-9793
HIGH
Apache Struts 2.1.x 2.3.7-2.3.33 2.5-2.5.12 - Denial of Service via Malicious XML Payload
Sep 20, 2017
CVSS 7.5
EPSS 0.09
CVE-2017-12611
CRITICAL
NUCLEI
Apache Struts 2.0.0-2.3.33 and 2.5-2.5.10.1 - Remote Code Execution via Freemarker Tag Expression
Sep 20, 2017
CVSS 9.8
EPSS 0.88
CVE-2017-12616
HIGH
Apache Tomcat 7.0.0-7.0.80 - Exposure of Sensitive Information via VirtualDirContext
Sep 19, 2017
CVSS 7.5
EPSS 0.71
CVE-2017-12615
HIGH
KEVNUCLEI
Apache Tomcat 7.0.0-7.0.79 - Unauthenticated Remote Code Execution via JSP Upload
Sep 19, 2017
CVSS 8.1
EPSS 1.00
CVE-2017-9803
HIGH
Apache Solr 6.2.0-6.6.0 - Privilege Escalation via Kerberos Delegation Token Configuration
Sep 18, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-9798
HIGH
Apache httpd <2.4.28 - Use After Free
Sep 18, 2017
CVSS 7.5
EPSS 0.95
CVE-2017-9805
HIGH
KEVNUCLEI
Apache Struts 2 REST Plugin XStream RCE
Sep 15, 2017
CVSS 8.1
EPSS 0.99
CVE-2017-3165
MEDIUM
Apache Brooklyn < 0.10.0 - Authenticated Stored Cross-Site Scripting
Sep 13, 2017
CVSS 5.4
EPSS 0.02
CVE-2017-3163
HIGH
Apache Solr < 5.5.4 and 6.0.0-6.4.0 - Path Traversal via Index Replication File Name
Aug 30, 2017
CVSS 7.5
EPSS 0.07
CVE-2017-3155
MEDIUM
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - Cross-Site Scripting
Aug 29, 2017
CVSS 6.1
EPSS 0.02
CVE-2017-3154
HIGH
Apache Atlas 0.6.0-incubating 0.7.0-incubating - Exposure of Sensitive Information via Error Stack Trace
Aug 29, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-3153
MEDIUM
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - Reflected Cross-Site Scripting in Search Functionality
Aug 29, 2017
CVSS 6.1
EPSS 0.02
Products
Apache Tomcat 52
Apache Airflow 42
Apache HTTP Server 36
Apache Camel 33
Apache ActiveMQ 23
Apache OFBiz 22
Apache CXF 20
Apache ActiveMQ All 17
Apache APISIX 15
Apache OpenMeetings 15
Apache ActiveMQ Broker 13
Apache IoTDB 12
Apache NiFi 12
Apache Struts 12
Apache Thrift 11
Apache Atlas 9
Apache DolphinScheduler 8
Apache Answer 7
Apache CloudStack 7
Apache Hadoop 6
Apache OpenOffice 6
Apache Shiro 6
Apache Wicket 6
Apache Kvrocks 5
Apache MINA 5
Apache Ranger 5
Apache ActiveMQ Client 4
Apache Ambari 4
Apache Gravitino 4
Apache Log4j 1.x 4
Quick Filters