apache

3,096 tracked vulnerabilities.

CVE-2017-5646 MEDIUM
Apache Knox 0.2.0-0.11.0 - Authenticated User Impersonation via Crafted WebHDFS URL
May 26, 2017
CVSS 6.8
EPSS 0.01
CVE-2017-6891 HIGH
GnuTLS libtasn1 <4.10 - Buffer Overflow
May 22, 2017
CVSS 8.8
EPSS 0.06
CVE-2017-5657 HIGH
Apache Archiva < 2.2.1 - Cross-Site Request Forgery
May 22, 2017
CVSS 8.0
EPSS 0.01
CVE-2017-7662 HIGH
Apache CXF Fediz <1.4.0-1.3.2 - CSRF
May 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-7661 HIGH
Apache CXF Fediz <1.4.0-1.2.4 - CSRF
May 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-5655 MEDIUM
Apache Ambari 2.2.2-2.4.2 and 2.5.0 - Unauthorized Sensitive Data Exposure via Temporary Files
May 15, 2017
CVSS 6.5
EPSS 0.02
CVE-2017-5654 HIGH
Ambari <2.4.3-2.5.0 - Info Disclosure
May 12, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-3162 HIGH
Apache Hadoop < 2.7.0 - Server-Side Request Forgery via Unvalidated NameNode Parameter
Apr 26, 2017
CVSS 7.3
EPSS 0.06
CVE-2017-3161 MEDIUM
Apache Hadoop < 2.7.0 - Cross-Site Scripting via HDFS Web UI Query Parameter
Apr 26, 2017
CVSS 6.1
EPSS 0.04
CVE-2017-5656 HIGH
Apache CXF <3.1.11, <3.0.13 - Privilege Escalation
Apr 18, 2017
CVSS 7.5
EPSS 0.07
CVE-2017-5653 MEDIUM
Apache CXF 3.0.0-3.0.12 and 3.1.0-3.1.10 - Improper Certificate Validation in JAX-RS XML Security Streaming Clients
Apr 18, 2017
CVSS 5.3
EPSS 0.11
CVE-2017-5662 HIGH
Apache Batik < 1.9 - XML External Entity Injection
Apr 18, 2017
CVSS 7.3
EPSS 0.04
CVE-2017-5661 HIGH
Apache FOP < 2.2 - XML External Entity Injection via Malicious SVG File
Apr 18, 2017
CVSS 7.3
EPSS 0.03
CVE-2017-5645 CRITICAL NUCLEI
Apache Log4j 2.0-2.8.1 - Remote Code Execution via Untrusted Data Deserialization
Apr 17, 2017
CVSS 9.8
EPSS 0.89
CVE-2017-5659 HIGH
Apache Traffic Server < 6.2.1 - Denial of Service via Content Length and Chunked Encoding Mismatch
Apr 17, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-5651 CRITICAL
Apache Tomcat <9.0.0.M19-<8.5.13 - Info Disclosure
Apr 17, 2017
CVSS 9.8
EPSS 0.08
CVE-2017-5650 HIGH
Apache Tomcat 8.5.0-8.5.12 and 9.0.0.M1-9.0.0.M18 - Denial of Service via HTTP/2 GOAWAY Frame Handling
Apr 17, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-5648 CRITICAL
Apache Tomcat < 9.0.0.M18 - Exposure to Wrong Actor
Apr 17, 2017
CVSS 9.1
EPSS 0.13
CVE-2017-5647 HIGH
Apache Tomcat < 9.0.0.M19 - Information Disclosure
Apr 17, 2017
CVSS 7.5
EPSS 0.17
CVE-2017-5649 HIGH
Apache Geode < 1.1.1 - Authenticated Sensitive Data Exposure via Pulse Data Browser
Apr 04, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-5642 CRITICAL
Apache Ambari 2.4.0-2.4.2 - Incorrect Default Permissions
Apr 03, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-5644 MEDIUM
Apache POI < 3.15 - Denial of Service via XML Entity Expansion
Mar 24, 2017
CVSS 5.5
EPSS 0.05
CVE-2017-5643 HIGH
Apache Camel < 2.16.0 - Server-Side Request Forgery via Remote DTDs
Mar 16, 2017
CVSS 7.4
EPSS 0.05
CVE-2017-5638 CRITICAL KEVNUCLEI
Apache Struts 2.3.x < 2.3.32 and 2.5.x < 2.5.10.1 - Remote Code Execution via Jakarta Multipart Parser
Mar 11, 2017
CVSS 9.8
EPSS 1.00
CVE-2017-3159 CRITICAL
Apache Camel < 2.14.4 - Deserialization of Untrusted Data via SnakeYAML
Mar 07, 2017
CVSS 9.8
EPSS 0.06