apache
3,096 tracked vulnerabilities.
CVE-2017-5646
MEDIUM
Apache Knox 0.2.0-0.11.0 - Authenticated User Impersonation via Crafted WebHDFS URL
May 26, 2017
CVSS 6.8
EPSS 0.01
CVE-2017-6891
HIGH
GnuTLS libtasn1 <4.10 - Buffer Overflow
May 22, 2017
CVSS 8.8
EPSS 0.06
CVE-2017-5657
HIGH
Apache Archiva < 2.2.1 - Cross-Site Request Forgery
May 22, 2017
CVSS 8.0
EPSS 0.01
CVE-2017-7662
HIGH
Apache CXF Fediz <1.4.0-1.3.2 - CSRF
May 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-7661
HIGH
Apache CXF Fediz <1.4.0-1.2.4 - CSRF
May 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-5655
MEDIUM
Apache Ambari 2.2.2-2.4.2 and 2.5.0 - Unauthorized Sensitive Data Exposure via Temporary Files
May 15, 2017
CVSS 6.5
EPSS 0.02
CVE-2017-5654
HIGH
Ambari <2.4.3-2.5.0 - Info Disclosure
May 12, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-3162
HIGH
Apache Hadoop < 2.7.0 - Server-Side Request Forgery via Unvalidated NameNode Parameter
Apr 26, 2017
CVSS 7.3
EPSS 0.06
CVE-2017-3161
MEDIUM
Apache Hadoop < 2.7.0 - Cross-Site Scripting via HDFS Web UI Query Parameter
Apr 26, 2017
CVSS 6.1
EPSS 0.04
CVE-2017-5656
HIGH
Apache CXF <3.1.11, <3.0.13 - Privilege Escalation
Apr 18, 2017
CVSS 7.5
EPSS 0.07
CVE-2017-5653
MEDIUM
Apache CXF 3.0.0-3.0.12 and 3.1.0-3.1.10 - Improper Certificate Validation in JAX-RS XML Security Streaming Clients
Apr 18, 2017
CVSS 5.3
EPSS 0.11
CVE-2017-5662
HIGH
Apache Batik < 1.9 - XML External Entity Injection
Apr 18, 2017
CVSS 7.3
EPSS 0.04
CVE-2017-5661
HIGH
Apache FOP < 2.2 - XML External Entity Injection via Malicious SVG File
Apr 18, 2017
CVSS 7.3
EPSS 0.03
CVE-2017-5645
CRITICAL
NUCLEI
Apache Log4j 2.0-2.8.1 - Remote Code Execution via Untrusted Data Deserialization
Apr 17, 2017
CVSS 9.8
EPSS 0.89
CVE-2017-5659
HIGH
Apache Traffic Server < 6.2.1 - Denial of Service via Content Length and Chunked Encoding Mismatch
Apr 17, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-5651
CRITICAL
Apache Tomcat <9.0.0.M19-<8.5.13 - Info Disclosure
Apr 17, 2017
CVSS 9.8
EPSS 0.08
CVE-2017-5650
HIGH
Apache Tomcat 8.5.0-8.5.12 and 9.0.0.M1-9.0.0.M18 - Denial of Service via HTTP/2 GOAWAY Frame Handling
Apr 17, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-5648
CRITICAL
Apache Tomcat < 9.0.0.M18 - Exposure to Wrong Actor
Apr 17, 2017
CVSS 9.1
EPSS 0.13
CVE-2017-5647
HIGH
Apache Tomcat < 9.0.0.M19 - Information Disclosure
Apr 17, 2017
CVSS 7.5
EPSS 0.17
CVE-2017-5649
HIGH
Apache Geode < 1.1.1 - Authenticated Sensitive Data Exposure via Pulse Data Browser
Apr 04, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-5642
CRITICAL
Apache Ambari 2.4.0-2.4.2 - Incorrect Default Permissions
Apr 03, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-5644
MEDIUM
Apache POI < 3.15 - Denial of Service via XML Entity Expansion
Mar 24, 2017
CVSS 5.5
EPSS 0.05
CVE-2017-5643
HIGH
Apache Camel < 2.16.0 - Server-Side Request Forgery via Remote DTDs
Mar 16, 2017
CVSS 7.4
EPSS 0.05
CVE-2017-5638
CRITICAL
KEVNUCLEI
Apache Struts 2.3.x < 2.3.32 and 2.5.x < 2.5.10.1 - Remote Code Execution via Jakarta Multipart Parser
Mar 11, 2017
CVSS 9.8
EPSS 1.00
CVE-2017-3159
CRITICAL
Apache Camel < 2.14.4 - Deserialization of Untrusted Data via SnakeYAML
Mar 07, 2017
CVSS 9.8
EPSS 0.06
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters