apache

3,096 tracked vulnerabilities.

CVE-2017-15717 MEDIUM
Apache Sling XSS Protection API 1.0.4-1.0.18 and 2.0.0 - Cross-Site Scripting via URL Validation Bypass
Jan 10, 2018
CVSS 6.1
EPSS 0.03
CVE-2017-9796 MEDIUM
Apache Geode <1.3.0 - Info Disclosure
Jan 10, 2018
CVSS 5.3
EPSS 0.01
CVE-2017-9795 HIGH
Apache Geode < 1.3.0 - Unauthorized Data Access and Remote Code Execution via OQL Queries
Jan 10, 2018
CVSS 7.5
EPSS 0.04
CVE-2017-12622 HIGH
Apache Geode < 1.3.0 - Authenticated Exposure of Sensitive Information via gfsh HTTP Connection
Jan 10, 2018
CVSS 7.1
EPSS 0.02
CVE-2017-17837 MEDIUM
Apache DeltaSpike-JSF 1.8.0 - Cross-Site Scripting in WindowId Handling
Jan 04, 2018
CVSS 6.1
EPSS 0.04
CVE-2017-15714 CRITICAL
Apache OFBiz 16.11.01-16.11.03 - Cross-Site Scripting via BIRT Plugin URL Parameter
Jan 04, 2018
CVSS 9.8
EPSS 0.03
CVE-2017-5641 CRITICAL
Apache Flex BlazeDS < 4.7.3 - Deserialization of Untrusted Data via AMF(X) Object Deserialization
Dec 28, 2017
CVSS 9.8
EPSS 0.21
CVE-2017-15700 HIGH
Apache Sling Authentication Service 1.4.0 - Exposure of Sensitive Information via Login Form Redirect
Dec 18, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-12630 MEDIUM
Apache Drill < 1.11.0 - Stored Cross-Site Scripting via Query Page Form Submission
Dec 18, 2017
CVSS 5.4
EPSS 0.01
CVE-2017-5663 HIGH
Apache Fineract <=0.6.0-incubating Authenticated SQL Injection via sqlSearch
Dec 14, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-15708 CRITICAL
Apache Synapse < 3.0.1 - Unauthenticated Remote Code Execution via RMI Deserialization
Dec 11, 2017
CVSS 9.8
EPSS 0.18
CVE-2017-15707 MEDIUM
Apache Struts 2.5-2.5.14 - Denial of Service via Malicious JSON Payload
Dec 01, 2017
CVSS 6.2
EPSS 0.05
CVE-2017-15702 CRITICAL
Apache Qpid Broker-J 0.18-0.32 - Unauthenticated Authentication Provider Spoofing via HTTP Port
Dec 01, 2017
CVSS 9.8
EPSS 0.06
CVE-2017-15701 HIGH
Apache Qpid Broker-J 6.1.0-6.1.4 - Unauthenticated Denial of Service via AMQP 1.0 Frame Size Exhaustion
Dec 01, 2017
CVSS 7.5
EPSS 0.04
CVE-2017-12631 HIGH
Apache CXF Fediz < 1.3.3 and 1.4.x < 1.4.3 - Cross-Site Request Forgery
Nov 30, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-3157 MEDIUM
Apache OpenOffice < 4.1.4 - Unauthenticated Exposure of Sensitive Information via Embedded Object File Read
Nov 20, 2017
CVSS 5.5
EPSS 0.03
CVE-2017-12608 HIGH
Apache OpenOffice < 4.1.4 - Memory Corruption and Remote Code Execution via DOC File Parser
Nov 20, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-12607 HIGH
Apache OpenOffice < 4.1.4 - Out-of-bounds Write in PPT File Parser
Nov 20, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-9806 HIGH
OpenOffice Writer <4.1.4 - Memory Corruption
Nov 20, 2017
CVSS 7.8
EPSS 0.02
CVE-2017-1000190 CRITICAL
Apache Solr - XML External Entity Injection via SimpleXML Parser
Nov 17, 2017
CVSS 9.1
EPSS 0.05
CVE-2017-12634 CRITICAL
Apache Camel 2.0.0-2.19.3, 2.20.0 - Deserialization of Untrusted Data in camel-castor
Nov 15, 2017
CVSS 9.8
EPSS 0.07
CVE-2017-12633 CRITICAL
Apache Camel 2.0.0-2.19.3 and 2.20.0 - Deserialization of Untrusted Data in camel-hessian
Nov 15, 2017
CVSS 9.8
EPSS 0.07
CVE-2017-12636 HIGH
Apache CouchDB < 1.7.0 and 2.x < 2.1.1 - Authenticated OS Command Injection via Configuration Options
Nov 14, 2017
CVSS 7.2
EPSS 0.91
CVE-2017-12635 CRITICAL NUCLEI
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Nov 14, 2017
CVSS 9.8
EPSS 1.00
CVE-2017-12624 MEDIUM
Apache CXF 3.0.0-3.0.15, 3.1.0-3.1.13, 3.2.0 - Denial of Service via Large Message Attachment Header
Nov 14, 2017
CVSS 5.5
EPSS 0.04