apache
3,096 tracked vulnerabilities.
CVE-2017-15717
MEDIUM
Apache Sling XSS Protection API 1.0.4-1.0.18 and 2.0.0 - Cross-Site Scripting via URL Validation Bypass
Jan 10, 2018
CVSS 6.1
EPSS 0.03
CVE-2017-9796
MEDIUM
Apache Geode <1.3.0 - Info Disclosure
Jan 10, 2018
CVSS 5.3
EPSS 0.01
CVE-2017-9795
HIGH
Apache Geode < 1.3.0 - Unauthorized Data Access and Remote Code Execution via OQL Queries
Jan 10, 2018
CVSS 7.5
EPSS 0.04
CVE-2017-12622
HIGH
Apache Geode < 1.3.0 - Authenticated Exposure of Sensitive Information via gfsh HTTP Connection
Jan 10, 2018
CVSS 7.1
EPSS 0.02
CVE-2017-17837
MEDIUM
Apache DeltaSpike-JSF 1.8.0 - Cross-Site Scripting in WindowId Handling
Jan 04, 2018
CVSS 6.1
EPSS 0.04
CVE-2017-15714
CRITICAL
Apache OFBiz 16.11.01-16.11.03 - Cross-Site Scripting via BIRT Plugin URL Parameter
Jan 04, 2018
CVSS 9.8
EPSS 0.03
CVE-2017-5641
CRITICAL
Apache Flex BlazeDS < 4.7.3 - Deserialization of Untrusted Data via AMF(X) Object Deserialization
Dec 28, 2017
CVSS 9.8
EPSS 0.21
CVE-2017-15700
HIGH
Apache Sling Authentication Service 1.4.0 - Exposure of Sensitive Information via Login Form Redirect
Dec 18, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-12630
MEDIUM
Apache Drill < 1.11.0 - Stored Cross-Site Scripting via Query Page Form Submission
Dec 18, 2017
CVSS 5.4
EPSS 0.01
CVE-2017-5663
HIGH
Apache Fineract <=0.6.0-incubating Authenticated SQL Injection via sqlSearch
Dec 14, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-15708
CRITICAL
Apache Synapse < 3.0.1 - Unauthenticated Remote Code Execution via RMI Deserialization
Dec 11, 2017
CVSS 9.8
EPSS 0.18
CVE-2017-15707
MEDIUM
Apache Struts 2.5-2.5.14 - Denial of Service via Malicious JSON Payload
Dec 01, 2017
CVSS 6.2
EPSS 0.05
CVE-2017-15702
CRITICAL
Apache Qpid Broker-J 0.18-0.32 - Unauthenticated Authentication Provider Spoofing via HTTP Port
Dec 01, 2017
CVSS 9.8
EPSS 0.06
CVE-2017-15701
HIGH
Apache Qpid Broker-J 6.1.0-6.1.4 - Unauthenticated Denial of Service via AMQP 1.0 Frame Size Exhaustion
Dec 01, 2017
CVSS 7.5
EPSS 0.04
CVE-2017-12631
HIGH
Apache CXF Fediz < 1.3.3 and 1.4.x < 1.4.3 - Cross-Site Request Forgery
Nov 30, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-3157
MEDIUM
Apache OpenOffice < 4.1.4 - Unauthenticated Exposure of Sensitive Information via Embedded Object File Read
Nov 20, 2017
CVSS 5.5
EPSS 0.03
CVE-2017-12608
HIGH
Apache OpenOffice < 4.1.4 - Memory Corruption and Remote Code Execution via DOC File Parser
Nov 20, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-12607
HIGH
Apache OpenOffice < 4.1.4 - Out-of-bounds Write in PPT File Parser
Nov 20, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-9806
HIGH
OpenOffice Writer <4.1.4 - Memory Corruption
Nov 20, 2017
CVSS 7.8
EPSS 0.02
CVE-2017-1000190
CRITICAL
Apache Solr - XML External Entity Injection via SimpleXML Parser
Nov 17, 2017
CVSS 9.1
EPSS 0.05
CVE-2017-12634
CRITICAL
Apache Camel 2.0.0-2.19.3, 2.20.0 - Deserialization of Untrusted Data in camel-castor
Nov 15, 2017
CVSS 9.8
EPSS 0.07
CVE-2017-12633
CRITICAL
Apache Camel 2.0.0-2.19.3 and 2.20.0 - Deserialization of Untrusted Data in camel-hessian
Nov 15, 2017
CVSS 9.8
EPSS 0.07
CVE-2017-12636
HIGH
Apache CouchDB < 1.7.0 and 2.x < 2.1.1 - Authenticated OS Command Injection via Configuration Options
Nov 14, 2017
CVSS 7.2
EPSS 0.91
CVE-2017-12635
CRITICAL
NUCLEI
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Nov 14, 2017
CVSS 9.8
EPSS 1.00
CVE-2017-12624
MEDIUM
Apache CXF 3.0.0-3.0.15, 3.1.0-3.1.13, 3.2.0 - Denial of Service via Large Message Attachment Header
Nov 14, 2017
CVSS 5.5
EPSS 0.04
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters