Vulnerabilities in Apache Software Foundation
1,872 results

CVE-2017-5650 (EPSS 8.3%): In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams as
CVE-2018-11756 (EPSS 8.2%): In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-p
CVE-2018-1320 (EPSS 8.2%): Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.t
CVE-2018-11769 (EPSS 8.2%): CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-sup
CVE-2016-6797 (EPSS 8.1%): The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0
CVE-2016-0762 (EPSS 8.0%): The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to
CVE-2017-15705 (EPSS 7.9%): A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain uncl
CVE-2021-44451 (EPSS 7.9%): API sensitive information leak
CVE-2021-29262 (EPSS 7.8%): Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings
CVE-2018-17191 (EPSS 7.8%): Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Us
CVE-2017-5651 (EPSS 7.8%): In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file
CVE-2018-1318 (EPSS 7.7%): Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffi
CVE-2022-29266 (EPSS 7.7%): apisix/jwt-auth may leak secrets in error response
CVE-2018-8009 (EPSS 7.6%): Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zi
CVE-2022-25762 (EPSS 7.5%): Response mix-up with WebSocket concurrent send and close
CVE-2018-8022 (EPSS 7.5%): A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this iss
CVE-2018-11788 (EPSS 7.5%): Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy fol
CVE-2023-29234 (EPSS 7.4%): Bypass serialize checks in Apache Dubbo
CVE-2016-8739 (EPSS 7.3%): The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers
CVE-2017-9793 (EPSS 7.3%): The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable