apache
2,905 tracked vulnerabilities.
CVE-2017-12608
HIGH
Apache OpenOffice < 4.1.4 - Memory Corruption and Remote Code Execution via DOC File Parser
Nov 20, 2017
CVSS 7.8
EPSS 0.01
CVE-2017-12607
HIGH
Apache OpenOffice < 4.1.4 - Out-of-bounds Write in PPT File Parser
Nov 20, 2017
CVSS 7.8
EPSS 0.01
CVE-2017-9806
HIGH
OpenOffice Writer <4.1.4 - Memory Corruption
Nov 20, 2017
CVSS 7.8
EPSS 0.02
CVE-2017-1000190
CRITICAL
Apache Solr - XML External Entity Injection via SimpleXML Parser
Nov 17, 2017
CVSS 9.1
EPSS 0.01
CVE-2017-12634
CRITICAL
Apache Camel 2.0.0-2.19.3, 2.20.0 - Deserialization of Untrusted Data in camel-castor
Nov 15, 2017
CVSS 9.8
EPSS 0.06
CVE-2017-12633
CRITICAL
Apache Camel 2.0.0-2.19.3 and 2.20.0 - Deserialization of Untrusted Data in camel-hessian
Nov 15, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-12636
HIGH
Apache CouchDB < 1.7.0 and 2.x < 2.1.1 - Authenticated OS Command Injection via Configuration Options
Nov 14, 2017
CVSS 7.2
EPSS 0.94
CVE-2017-12635
CRITICAL
NUCLEI
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Nov 14, 2017
CVSS 9.8
EPSS 0.94
CVE-2017-12624
MEDIUM
Apache CXF 3.0.0-3.0.15, 3.1.0-3.1.13, 3.2.0 - Denial of Service via Large Message Attachment Header
Nov 14, 2017
CVSS 5.5
EPSS 0.04
CVE-2017-3166
HIGH
Apache Hadoop 2.6.1-2.6.5, 2.7.0-2.7.3, 3.0.0-alpha1-3.0.0-alpha3 - Sensitive File Exposure via YARN
Nov 13, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-12625
MEDIUM
Apache Hive <2.1.2, <2.2.1, <2.3.1 - Sensitive Information Exposure via Masking Bypass
Nov 01, 2017
CVSS 4.3
EPSS 0.00
CVE-2017-12618
MEDIUM
Apache Portable Runtime Utility <= 1.6.0 - Out-of-bounds Read via SDBM Database File
Oct 24, 2017
CVSS 4.7
EPSS 0.01
CVE-2017-12613
HIGH
Apache Portable Runtime < 1.7.0 - Out-of-bounds Read via Invalid Month Field
Oct 24, 2017
CVSS 7.1
EPSS 0.00
CVE-2017-12628
HIGH
Apache James < 3.0.1 - Deserialization of Untrusted Data via JMX Server
Oct 20, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-5636
CRITICAL
Apache NiFi < 0.7.2 and 1.x < 1.1.2 - Permission Impersonation via Crafted Username
Oct 19, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-5635
HIGH
Apache NiFi < 0.7.2 and 1.x < 1.1.2 - Improper Authentication in Cluster Request Replication
Oct 19, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-12629
CRITICAL
NUCLEI
Apache Solr < 7.1 - Remote Code Execution via XXE in XML Query Parser
Oct 14, 2017
CVSS 9.8
EPSS 0.94
CVE-2017-12623
MEDIUM
Apache NiFi 1.0.0-1.3.0 - Authenticated XML External Entity Injection via Template Upload
Oct 10, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-5637
HIGH
Apache ZooKeeper 3.4.0-3.4.9 and 3.5.0-3.5.2 - Unauthenticated Denial of Service via wchp/wchc Commands
Oct 10, 2017
CVSS 7.5
EPSS 0.17
CVE-2017-9792
MEDIUM
Apache Impala <2.10.0 - Privilege Escalation
Oct 04, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-12617
HIGH
KEV NUCLEI
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
Oct 04, 2017
CVSS 8.1
EPSS 0.94
CVE-2017-9797
MEDIUM
Apache Geode <v1.2.1 - Info Disclosure/DoS
Oct 03, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-12620
CRITICAL
Apache OpenNLP 1.5.0-1.5.3, 1.6.0, 1.7.0-1.7.2, 1.8.0-1.8.1 - XML External Entity Injection
Oct 03, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-9794
MEDIUM
Apache Geode <1.2.1 - Info Disclosure
Sep 30, 2017
CVSS 4.3
EPSS 0.00
CVE-2017-9790
HIGH
Apache Mesos <1.1.3, 1.2.x <1.2.2, 1.3.x <1.3.1, 1.4.0-dev - DoS
Sep 29, 2017
CVSS 7.5
EPSS 0.02
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20