Apache Software Foundation

560 tracked vulnerabilities.

CVE-2017-3152 MEDIUM
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - DOM-Based Cross-Site Scripting in Edit-Tag Functionality
Aug 29, 2017
CVSS 6.1
EPSS 0.02
CVE-2017-3151 MEDIUM
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - Stored Cross-Site Scripting in Edit-Tag Functionality
Aug 29, 2017
CVSS 6.1
EPSS 0.02
CVE-2017-3150 MEDIUM
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - Cross-Site Scripting via Cookie Access
Aug 29, 2017
CVSS 6.1
EPSS 0.02
CVE-2017-9800 CRITICAL
Subversion <1.8.19, 1.9.x <1.9.7, 1.10.0.x <=1.10.0-alpha3 - RCE
Aug 11, 2017
CVSS 9.8
EPSS 0.19
CVE-2017-7675 HIGH
Apache Tomcat <9.0.0.M22, <8.5.16 - Path Traversal
Aug 11, 2017
CVSS 7.5
EPSS 0.10
CVE-2017-7674 MEDIUM
Apache Tomcat <9.0.0.M21,8.5.15,8.0.44,7.0.78 - Info Disclosure
Aug 11, 2017
CVSS 4.3
EPSS 0.08
CVE-2017-3156 HIGH
Apache CXF <3.0.13, <3.1.10 - Timing Attack
Aug 10, 2017
CVSS 7.5
EPSS 0.06
CVE-2017-9799 HIGH
Apache Storm <1.0.4-1.1.1 - Privilege Escalation
Aug 09, 2017
CVSS 8.8
EPSS 0.05
CVE-2017-9801 HIGH
Apache Commons Email <1.5 - Info Disclosure
Aug 07, 2017
CVSS 7.5
EPSS 0.06
CVE-2017-7659 HIGH
Apache HTTP Server <2.4.24-2.4.25 - Use After Free
Jul 26, 2017
CVSS 7.5
EPSS 0.54
CVE-2017-7688 HIGH
Apache OpenMeetings 1.0.0 - Info Disclosure
Jul 17, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-7685 MEDIUM
Apache OpenMeetings 1.0.0 - Info Disclosure
Jul 17, 2017
CVSS 5.3
EPSS 0.03
CVE-2017-7684 HIGH
Apache OpenMeetings 1.0.0 - Denial of Service via Large File Upload
Jul 17, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-7683 HIGH
Apache OpenMeetings 1.0.0 - Info Disclosure
Jul 17, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-7682 HIGH
Apache OpenMeetings 3.2.0 - Info Disclosure
Jul 17, 2017
CVSS 8.2
EPSS 0.02
CVE-2017-7681 HIGH
Apache OpenMeetings 1.0.0 - SQL Injection
Jul 17, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-7680 HIGH
Apache OpenMeetings 1.0.0 - Overly Permissive crossdomain.xml
Jul 17, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-7673 CRITICAL
Apache OpenMeetings 1.0.0 - Info Disclosure
Jul 17, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-7666 HIGH
Apache OpenMeetings 1.0.0 - Cross-Site Request Forgery
Jul 17, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-7664 CRITICAL
Apache OpenMeetings 3.1.0 - Info Disclosure
Jul 17, 2017
CVSS 10.0
EPSS 0.02
CVE-2017-7663 MEDIUM
Apache OpenMeetings 3.2.0 - Stored Cross-Site Scripting in Global and Room Chat
Jul 17, 2017
CVSS 6.1
EPSS 0.03
CVE-2017-9789 HIGH
Apache httpd 2.4.26 - Memory Corruption
Jul 13, 2017
CVSS 7.5
EPSS 0.10
CVE-2017-9788 CRITICAL
Apache httpd <2.2.34 & 2.4.x <2.4.27 - Info Disclosure
Jul 13, 2017
CVSS 9.1
EPSS 0.57
CVE-2017-9787 HIGH
Apache Struts - Denial of Service via Spring AOP Functionality
Jul 13, 2017
CVSS 7.5
EPSS 0.10
CVE-2017-7672 MEDIUM
Apache Struts 2.5.0-2.5.10.1 - Denial of Service via URLValidator
Jul 13, 2017
CVSS 5.9
EPSS 0.09