apache

3,096 tracked vulnerabilities.

CVE-2017-12610 MEDIUM
Apache Kafka 0.10.0.0-0.10.2.1 and 0.11.0.0-0.11.0.1 - Authenticated Impersonation via SASL/PLAIN or SASL/SCRAM
Jul 26, 2018
CVSS 6.8
EPSS 0.03
CVE-2017-15695 HIGH
Apache Geode 1.0.0-1.4.0 - Remote Code Execution via Internal Function Invocation
Jun 13, 2018
CVSS 8.8
EPSS 0.03
CVE-2017-15691 MEDIUM
Apache UIMA < 2.10.2 - XML External Entity Injection
Apr 26, 2018
CVSS 6.5
EPSS 0.09
CVE-2017-15715 HIGH NUCLEI
Apache httpd <=2.4.29 - Arbitrary File Upload
Mar 26, 2018
CVSS 8.1
EPSS 0.86
CVE-2017-15710 HIGH
Apache HTTP Server 2.0.23-2.0.65, 2.2.0-2.2.34, 2.4.0-2.4.29 - Out-of-bounds Write in mod_authnz_ldap
Mar 26, 2018
CVSS 7.5
EPSS 0.18
CVE-2017-12174 HIGH
Apache ActiveMQ Artemis and HornetQ < 2.4.0 - Uncontrolled Resource Consumption via UDP Discovery
Mar 07, 2018
CVSS 7.5
EPSS 0.06
CVE-2017-12627 CRITICAL
Apache Xerces-C++ < 3.2.1 - Null Pointer Dereference via External DTD Path Processing
Mar 01, 2018
CVSS 9.8
EPSS 0.08
CVE-2017-7671 HIGH
Apache Traffic Server 5.2.0-5.3.2, 6.0.0-6.2.0, 7.0.0 - Denial of Service via TLS Handshake
Feb 27, 2018
CVSS 7.5
EPSS 0.02
CVE-2017-5660 HIGH
Apache Traffic Server <= 6.2.0 and <= 7.0.0 - Improper Input Validation via Host Header Line Folding
Feb 27, 2018
CVSS 8.6
EPSS 0.02
CVE-2017-15693 HIGH
Apache Geode < 1.4.0 - Remote Code Execution via Untrusted Data Deserialization
Feb 27, 2018
CVSS 7.5
EPSS 0.03
CVE-2017-15692 CRITICAL
Apache Geode < 1.4.0 - Remote Code Execution via TcpServer Deserialization
Feb 27, 2018
CVSS 9.8
EPSS 0.05
CVE-2017-15696 HIGH
Apache Geode 1.0.0-1.3.0 & geode-core 1.0.0-1.4.0 - Sensitive Info Exposure via Config Service
Feb 26, 2018
CVSS 7.5
EPSS 0.02
CVE-2017-15712 MEDIUM
Apache Oozie 3.1.3-4.3.0 and 5.0.0-beta1 - Path Traversal via Workflow XML File
Feb 19, 2018
CVSS 6.5
EPSS 0.03
CVE-2017-15699 MEDIUM
Apache Qpid Dispatch Router 0.7.0 and 0.8.0 - Denial of Service via Crafted AMQP Frame
Feb 13, 2018
CVSS 6.5
EPSS 0.03
CVE-2017-15709 LOW
Apache ActiveMQ 5.14.0-5.15.2 - Exposure of Sensitive System Information via OpenWire Protocol
Feb 13, 2018
CVSS 3.7
EPSS 0.23
CVE-2017-3160 HIGH
Apache Cordova < 6.1.2 - Unauthenticated Man-in-the-Middle Attack via Insecure Gradle Download
Feb 01, 2018
CVSS 7.4
EPSS 0.04
CVE-2017-15706 MEDIUM
Apache Tomcat 7.0.79-9.0.1 - Info Disclosure
Jan 31, 2018
CVSS 5.3
EPSS 0.06
CVE-2017-15698 MEDIUM
Apache Tomcat Native 1.1.23-1.1.34 and 1.2.0-1.2.14 - Improper Certificate Validation in AIA-Extension Field
Jan 31, 2018
CVSS 5.9
EPSS 0.04
CVE-2017-12626 HIGH
Apache POI < 3.17 - Denial of Service via Crafted WMF EMF MSG Macro DOC PPT XLS Parsing
Jan 29, 2018
CVSS 7.5
EPSS 0.10
CVE-2017-15703 MEDIUM
Apache NiFi 1.0.0-1.3.0 - Authenticated Denial of Service via Java Deserialization
Jan 25, 2018
CVSS 5.0
EPSS 0.01
CVE-2017-15718 CRITICAL
Apache Hadoop <2.7.5 - Info Disclosure
Jan 24, 2018
CVSS 9.8
EPSS 0.04
CVE-2017-15697 CRITICAL
Apache NiFi 1.0.0-1.4.0 - Remote Code Execution via X-ProxyContextPath or X-Forwarded-Context Header
Jan 23, 2018
CVSS 9.8
EPSS 0.05
CVE-2017-12632 HIGH
Apache NiFi < 1.5.0 - Server-Side Request Forgery via Host Header
Jan 23, 2018
CVSS 7.5
EPSS 0.03
CVE-2017-15713 MEDIUM
Apache Hadoop Sensitive Information Exposure via Malicious Configuration
Jan 19, 2018
CVSS 6.5
EPSS 0.02
CVE-2017-3158 HIGH
Apache Guacamole 0.9.5-0.9.10-incubating - Buffer Overflow via Terminal Emulator Race Condition
Jan 18, 2018
CVSS 8.1
EPSS 0.01