Apache Software Foundation
564 tracked vulnerabilities.
CVE-2017-5654
HIGH
Ambari <2.4.3-2.5.0 - Info Disclosure
May 12, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-3162
HIGH
Apache Hadoop < 2.7.0 - Server-Side Request Forgery via Unvalidated NameNode Parameter
Apr 26, 2017
CVSS 7.3
EPSS 0.06
CVE-2017-3161
MEDIUM
Apache Hadoop < 2.7.0 - Cross-Site Scripting via HDFS Web UI Query Parameter
Apr 26, 2017
CVSS 6.1
EPSS 0.04
CVE-2017-5656
HIGH
Apache CXF <3.1.11, <3.0.13 - Privilege Escalation
Apr 18, 2017
CVSS 7.5
EPSS 0.07
CVE-2017-5653
MEDIUM
Apache CXF 3.0.0-3.0.12 and 3.1.0-3.1.10 - Improper Certificate Validation in JAX-RS XML Security Streaming Clients
Apr 18, 2017
CVSS 5.3
EPSS 0.11
CVE-2017-5662
HIGH
Apache Batik < 1.9 - XML External Entity Injection
Apr 18, 2017
CVSS 7.3
EPSS 0.04
CVE-2017-5661
HIGH
Apache FOP < 2.2 - XML External Entity Injection via Malicious SVG File
Apr 18, 2017
CVSS 7.3
EPSS 0.03
CVE-2017-5645
CRITICAL
NUCLEI
Apache Log4j 2.0-2.8.1 - Remote Code Execution via Untrusted Data Deserialization
Apr 17, 2017
CVSS 9.8
EPSS 0.89
CVE-2017-5659
HIGH
Apache Traffic Server < 6.2.1 - Denial of Service via Content Length and Chunked Encoding Mismatch
Apr 17, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-5651
CRITICAL
Apache Tomcat <9.0.0.M19-<8.5.13 - Info Disclosure
Apr 17, 2017
CVSS 9.8
EPSS 0.08
CVE-2017-5650
HIGH
Apache Tomcat 8.5.0-8.5.12 and 9.0.0.M1-9.0.0.M18 - Denial of Service via HTTP/2 GOAWAY Frame Handling
Apr 17, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-5648
CRITICAL
Apache Tomcat < 9.0.0.M18 - Exposure to Wrong Actor
Apr 17, 2017
CVSS 9.1
EPSS 0.13
CVE-2017-5647
HIGH
Apache Tomcat < 9.0.0.M19 - Information Disclosure
Apr 17, 2017
CVSS 7.5
EPSS 0.17
CVE-2017-5649
HIGH
Apache Geode < 1.1.1 - Authenticated Sensitive Data Exposure via Pulse Data Browser
Apr 04, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-5642
CRITICAL
Apache Ambari 2.4.0-2.4.2 - Incorrect Default Permissions
Apr 03, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-5644
MEDIUM
Apache POI < 3.15 - Denial of Service via XML Entity Expansion
Mar 24, 2017
CVSS 5.5
EPSS 0.05
CVE-2017-5643
HIGH
Apache Camel < 2.16.0 - Server-Side Request Forgery via Remote DTDs
Mar 16, 2017
CVSS 7.4
EPSS 0.05
CVE-2017-5638
CRITICAL
KEVNUCLEI
Apache Struts 2.3.x < 2.3.32 and 2.5.x < 2.5.10.1 - Remote Code Execution via Jakarta Multipart Parser
Mar 11, 2017
CVSS 9.8
EPSS 1.00
CVE-2017-3159
CRITICAL
Apache Camel < 2.14.4 - Deserialization of Untrusted Data via SnakeYAML
Mar 07, 2017
CVSS 9.8
EPSS 0.06
CVE-2016-6804
HIGH
Apache OpenOffice < 4.1.3 - DLL Hijacking via Installer
Nov 20, 2017
CVSS 7.8
EPSS 0.03
CVE-2016-6803
HIGH
Apache OpenOffice < 4.1.3 - Untrusted Search Path
Nov 13, 2017
CVSS 7.8
EPSS 0.02
CVE-2016-8748
MEDIUM
Apache NiFi < 1.0.1 and 1.1.x < 1.1.1 - Cross-Site Scripting in Connection Details Dialog
Oct 19, 2017
CVSS 5.4
EPSS 0.02
CVE-2016-8734
MEDIUM
Apache Subversion <1.8.16, <1.9.4 - DoS
Oct 16, 2017
CVSS 6.5
EPSS 0.06
CVE-2016-6815
MEDIUM
Apache Ranger < 0.6.2 - Unauthorized Password Change for Admin Users
Oct 13, 2017
CVSS 6.5
EPSS 0.02
CVE-2016-8736
CRITICAL
Apache OpenMeetings < 3.1.2 - Remote Code Execution via RMI Deserialization
Oct 12, 2017
CVSS 9.8
EPSS 0.05
Products
Apache Tomcat 52
Apache Airflow 42
Apache HTTP Server 36
Apache Camel 33
Apache ActiveMQ 23
Apache OFBiz 22
Apache CXF 20
Apache ActiveMQ All 17
Apache OpenMeetings 16
Apache APISIX 15
Apache ActiveMQ Broker 13
Apache IoTDB 12
Apache NiFi 12
Apache Struts 12
Apache Thrift 11
Apache Atlas 9
Apache DolphinScheduler 8
Apache Answer 7
Apache CloudStack 7
Apache Hadoop 6
Apache OpenOffice 6
Apache Shiro 6
Apache Wicket 6
Apache Kvrocks 5
Apache MINA 5
Apache Ranger 5
Apache ActiveMQ Client 4
Apache Ambari 4
Apache Gravitino 4
Apache Log4j 1.x 4
Quick Filters