Apache Software Foundation
347 tracked vulnerabilities.
CVE-2017-12607
HIGH
Apache OpenOffice < 4.1.4 - Out-of-bounds Write in PPT File Parser
Nov 20, 2017
CVSS 7.8
EPSS 0.01
CVE-2017-9806
HIGH
OpenOffice Writer <4.1.4 - Memory Corruption
Nov 20, 2017
CVSS 7.8
EPSS 0.02
CVE-2017-12634
CRITICAL
Apache Camel 2.0.0-2.19.3, 2.20.0 - Deserialization of Untrusted Data in camel-castor
Nov 15, 2017
CVSS 9.8
EPSS 0.06
CVE-2017-12633
CRITICAL
Apache Camel 2.0.0-2.19.3 and 2.20.0 - Deserialization of Untrusted Data in camel-hessian
Nov 15, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-12636
HIGH
Apache CouchDB < 1.7.0 and 2.x < 2.1.1 - Authenticated OS Command Injection via Configuration Options
Nov 14, 2017
CVSS 7.2
EPSS 0.94
CVE-2017-12635
CRITICAL
NUCLEI
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Nov 14, 2017
CVSS 9.8
EPSS 0.94
CVE-2017-12624
MEDIUM
Apache CXF 3.0.0-3.0.15, 3.1.0-3.1.13, 3.2.0 - Denial of Service via Large Message Attachment Header
Nov 14, 2017
CVSS 5.5
EPSS 0.04
CVE-2017-3166
HIGH
Apache Hadoop 2.6.1-2.6.5, 2.7.0-2.7.3, 3.0.0-alpha1-3.0.0-alpha3 - Sensitive File Exposure via YARN
Nov 13, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-12625
MEDIUM
Apache Hive <2.1.2, <2.2.1, <2.3.1 - Sensitive Information Exposure via Masking Bypass
Nov 01, 2017
CVSS 4.3
EPSS 0.00
CVE-2017-12618
MEDIUM
Apache Portable Runtime Utility <= 1.6.0 - Out-of-bounds Read via SDBM Database File
Oct 24, 2017
CVSS 4.7
EPSS 0.01
CVE-2017-12613
HIGH
Apache Portable Runtime < 1.7.0 - Out-of-bounds Read via Invalid Month Field
Oct 24, 2017
CVSS 7.1
EPSS 0.00
CVE-2017-12628
HIGH
Apache James < 3.0.1 - Deserialization of Untrusted Data via JMX Server
Oct 20, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-5636
CRITICAL
Apache NiFi < 0.7.2 and 1.x < 1.1.2 - Permission Impersonation via Crafted Username
Oct 19, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-5635
HIGH
Apache NiFi < 0.7.2 and 1.x < 1.1.2 - Improper Authentication in Cluster Request Replication
Oct 19, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-12623
MEDIUM
Apache NiFi 1.0.0-1.3.0 - Authenticated XML External Entity Injection via Template Upload
Oct 10, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-5637
HIGH
Apache ZooKeeper 3.4.0-3.4.9 and 3.5.0-3.5.2 - Unauthenticated Denial of Service via wchp/wchc Commands
Oct 10, 2017
CVSS 7.5
EPSS 0.17
CVE-2017-9792
MEDIUM
Apache Impala <2.10.0 - Privilege Escalation
Oct 04, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-12617
HIGH
KEV, NUCLEI
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
Oct 04, 2017
CVSS 8.1
EPSS 0.94
CVE-2017-9797
MEDIUM
Apache Geode <v1.2.1 - Info Disclosure/DoS
Oct 03, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-12620
CRITICAL
Apache OpenNLP 1.5.0-1.5.3, 1.6.0, 1.7.0-1.7.2, 1.8.0-1.8.1 - XML External Entity Injection
Oct 03, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-9794
MEDIUM
Apache Geode <1.2.1 - Info Disclosure
Sep 30, 2017
CVSS 4.3
EPSS 0.00
CVE-2017-9790
HIGH
Apache Mesos <1.1.3, 1.2.x <1.2.2, 1.3.x <1.3.1, 1.4.0-dev - DoS
Sep 29, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-7687
HIGH
Apache Mesos <1.1.3-1.4.0-dev - DoS
Sep 29, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-12621
CRITICAL
Apache Commons Jelly < 1.0.1 - XML External Entity Injection via Custom Doctype Entity
Sep 28, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-9804
HIGH
Apache Struts 2.3.7-2.3.33, 2.5-2.5.12 - DoS
Sep 20, 2017
CVSS 7.5
EPSS 0.05
Products
Apache Tomcat 42
Apache HTTP Server 23
Apache OFBiz 20
Apache Airflow 19
Apache OpenMeetings 15
Apache Camel 11
Apache Struts 11
Apache Thrift 11
Apache CXF 9
Apache ActiveMQ 8
Apache Atlas 8
Apache NiFi 8
Apache CloudStack 7
Apache ActiveMQ All 6
Apache Hadoop 6
Apache OpenOffice 6
Apache Wicket 6
Apache ActiveMQ Broker 5
Apache Ranger 5
Apache Ambari 4
Apache Log4j Core 4
Apache MINA 4
Apache OpenNLP 4
Apache Polaris 4
Apache Traffic Server 4
Apache APISIX 3
Apache Brooklyn 3
Apache CXF Fediz 3
Apache Cassandra 3
Apache DolphinScheduler 3