apache
2,905 tracked vulnerabilities.
CVE-2017-15706
MEDIUM
Apache Tomcat 7.0.79-9.0.1 - Info Disclosure
Jan 31, 2018
CVSS 5.3
EPSS 0.03
CVE-2017-15698
MEDIUM
Apache Tomcat Native 1.1.23-1.1.34 and 1.2.0-1.2.14 - Improper Certificate Validation in AIA-Extension Field
Jan 31, 2018
CVSS 5.9
EPSS 0.00
CVE-2017-12626
HIGH
Apache POI < 3.17 - Denial of Service via Crafted WMF EMF MSG Macro DOC PPT XLS Parsing
Jan 29, 2018
CVSS 7.5
EPSS 0.01
CVE-2017-15703
MEDIUM
Apache NiFi 1.0.0-1.3.0 - Authenticated Denial of Service via Java Deserialization
Jan 25, 2018
CVSS 5.0
EPSS 0.00
CVE-2017-15718
CRITICAL
Apache Hadoop <2.7.5 - Info Disclosure
Jan 24, 2018
CVSS 9.8
EPSS 0.02
CVE-2017-15697
CRITICAL
Apache NiFi 1.0.0-1.4.0 - Remote Code Execution via X-ProxyContextPath or X-Forwarded-Context Header
Jan 23, 2018
CVSS 9.8
EPSS 0.02
CVE-2017-12632
HIGH
Apache NiFi < 1.5.0 - Server-Side Request Forgery via Host Header
Jan 23, 2018
CVSS 7.5
EPSS 0.01
CVE-2017-15713
MEDIUM
Apache Hadoop Sensitive Information Exposure via Malicious Configuration
Jan 19, 2018
CVSS 6.5
EPSS 0.00
CVE-2017-3158
HIGH
Apache Guacamole 0.9.5-0.9.10-incubating - Buffer Overflow via Terminal Emulator Race Condition
Jan 18, 2018
CVSS 8.1
EPSS 0.01
CVE-2017-15717
MEDIUM
Apache Sling XSS Protection API 1.0.4-1.0.18 and 2.0.0 - Cross-Site Scripting via URL Validation Bypass
Jan 10, 2018
CVSS 6.1
EPSS 0.02
CVE-2017-9796
MEDIUM
Apache Geode <1.3.0 - Info Disclosure
Jan 10, 2018
CVSS 5.3
EPSS 0.00
CVE-2017-9795
HIGH
Apache Geode < 1.3.0 - Unauthorized Data Access and Remote Code Execution via OQL Queries
Jan 10, 2018
CVSS 7.5
EPSS 0.01
CVE-2017-12622
HIGH
Apache Geode < 1.3.0 - Authenticated Exposure of Sensitive Information via gfsh HTTP Connection
Jan 10, 2018
CVSS 7.1
EPSS 0.00
CVE-2017-17837
MEDIUM
Apache DeltaSpike-JSF 1.8.0 - Cross-Site Scripting in WindowId Handling
Jan 04, 2018
CVSS 6.1
EPSS 0.02
CVE-2017-15714
CRITICAL
Apache OFBiz 16.11.01-16.11.03 - Cross-Site Scripting via BIRT Plugin URL Parameter
Jan 04, 2018
CVSS 9.8
EPSS 0.01
CVE-2017-5641
CRITICAL
Apache Flex BlazeDS < 4.7.3 - Deserialization of Untrusted Data via AMF(X) Object Deserialization
Dec 28, 2017
CVSS 9.8
EPSS 0.48
CVE-2017-15700
HIGH
Apache Sling Authentication Service 1.4.0 - Exposure of Sensitive Information via Login Form Redirect
Dec 18, 2017
CVSS 8.8
EPSS 0.00
CVE-2017-12630
MEDIUM
Apache Drill < 1.11.0 - Stored Cross-Site Scripting via Query Page Form Submission
Dec 18, 2017
CVSS 5.4
EPSS 0.01
CVE-2017-5663
HIGH
Apache Fineract <=0.6.0-incubating - Authenticated SQL Injection via sqlSearch
Dec 14, 2017
CVSS 8.8
EPSS 0.00
CVE-2017-15708
CRITICAL
Apache Synapse < 3.0.1 - Unauthenticated Remote Code Execution via RMI Deserialization
Dec 11, 2017
CVSS 9.8
EPSS 0.20
CVE-2017-15707
MEDIUM
Apache Struts 2.5-2.5.14 - Denial of Service via Malicious JSON Payload
Dec 01, 2017
CVSS 6.2
EPSS 0.02
CVE-2017-15702
CRITICAL
Apache Qpid Broker-J 0.18-0.32 - Unauthenticated Authentication Provider Spoofing via HTTP Port
Dec 01, 2017
CVSS 9.8
EPSS 0.07
CVE-2017-15701
HIGH
Apache Qpid Broker-J 6.1.0-6.1.4 - Unauthenticated Denial of Service via AMQP 1.0 Frame Size Exhaustion
Dec 01, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-12631
HIGH
Apache CXF Fediz < 1.3.3 and 1.4.x < 1.4.3 - Cross-Site Request Forgery
Nov 30, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-3157
MEDIUM
Apache OpenOffice < 4.1.4 - Unauthenticated Exposure of Sensitive Information via Embedded Object File Read
Nov 20, 2017
CVSS 5.5
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20