Apache Software Foundation

564 tracked vulnerabilities.

CVE-2017-5654 HIGH
Ambari <2.4.3-2.5.0 - Info Disclosure
May 12, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-3162 HIGH
Apache Hadoop < 2.7.0 - Server-Side Request Forgery via Unvalidated NameNode Parameter
Apr 26, 2017
CVSS 7.3
EPSS 0.06
CVE-2017-3161 MEDIUM
Apache Hadoop < 2.7.0 - Cross-Site Scripting via HDFS Web UI Query Parameter
Apr 26, 2017
CVSS 6.1
EPSS 0.04
CVE-2017-5656 HIGH
Apache CXF <3.1.11, <3.0.13 - Privilege Escalation
Apr 18, 2017
CVSS 7.5
EPSS 0.07
CVE-2017-5653 MEDIUM
Apache CXF 3.0.0-3.0.12 and 3.1.0-3.1.10 - Improper Certificate Validation in JAX-RS XML Security Streaming Clients
Apr 18, 2017
CVSS 5.3
EPSS 0.11
CVE-2017-5662 HIGH
Apache Batik < 1.9 - XML External Entity Injection
Apr 18, 2017
CVSS 7.3
EPSS 0.04
CVE-2017-5661 HIGH
Apache FOP < 2.2 - XML External Entity Injection via Malicious SVG File
Apr 18, 2017
CVSS 7.3
EPSS 0.03
CVE-2017-5645 CRITICAL NUCLEI
Apache Log4j 2.0-2.8.1 - Remote Code Execution via Untrusted Data Deserialization
Apr 17, 2017
CVSS 9.8
EPSS 0.89
CVE-2017-5659 HIGH
Apache Traffic Server < 6.2.1 - Denial of Service via Content Length and Chunked Encoding Mismatch
Apr 17, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-5651 CRITICAL
Apache Tomcat <9.0.0.M19-<8.5.13 - Info Disclosure
Apr 17, 2017
CVSS 9.8
EPSS 0.08
CVE-2017-5650 HIGH
Apache Tomcat 8.5.0-8.5.12 and 9.0.0.M1-9.0.0.M18 - Denial of Service via HTTP/2 GOAWAY Frame Handling
Apr 17, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-5648 CRITICAL
Apache Tomcat < 9.0.0.M18 - Exposure to Wrong Actor
Apr 17, 2017
CVSS 9.1
EPSS 0.13
CVE-2017-5647 HIGH
Apache Tomcat < 9.0.0.M19 - Information Disclosure
Apr 17, 2017
CVSS 7.5
EPSS 0.17
CVE-2017-5649 HIGH
Apache Geode < 1.1.1 - Authenticated Sensitive Data Exposure via Pulse Data Browser
Apr 04, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-5642 CRITICAL
Apache Ambari 2.4.0-2.4.2 - Incorrect Default Permissions
Apr 03, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-5644 MEDIUM
Apache POI < 3.15 - Denial of Service via XML Entity Expansion
Mar 24, 2017
CVSS 5.5
EPSS 0.05
CVE-2017-5643 HIGH
Apache Camel < 2.16.0 - Server-Side Request Forgery via Remote DTDs
Mar 16, 2017
CVSS 7.4
EPSS 0.05
CVE-2017-5638 CRITICAL KEVNUCLEI
Apache Struts 2.3.x < 2.3.32 and 2.5.x < 2.5.10.1 - Remote Code Execution via Jakarta Multipart Parser
Mar 11, 2017
CVSS 9.8
EPSS 1.00
CVE-2017-3159 CRITICAL
Apache Camel < 2.14.4 - Deserialization of Untrusted Data via SnakeYAML
Mar 07, 2017
CVSS 9.8
EPSS 0.06
CVE-2016-6804 HIGH
Apache OpenOffice < 4.1.3 - DLL Hijacking via Installer
Nov 20, 2017
CVSS 7.8
EPSS 0.03
CVE-2016-6803 HIGH
Apache OpenOffice < 4.1.3 - Untrusted Search Path
Nov 13, 2017
CVSS 7.8
EPSS 0.02
CVE-2016-8748 MEDIUM
Apache NiFi < 1.0.1 and 1.1.x < 1.1.1 - Cross-Site Scripting in Connection Details Dialog
Oct 19, 2017
CVSS 5.4
EPSS 0.02
CVE-2016-8734 MEDIUM
Apache Subversion <1.8.16, <1.9.4 - DoS
Oct 16, 2017
CVSS 6.5
EPSS 0.06
CVE-2016-6815 MEDIUM
Apache Ranger < 0.6.2 - Unauthorized Password Change for Admin Users
Oct 13, 2017
CVSS 6.5
EPSS 0.02
CVE-2016-8736 CRITICAL
Apache OpenMeetings < 3.1.2 - Remote Code Execution via RMI Deserialization
Oct 12, 2017
CVSS 9.8
EPSS 0.05