Vulnerabilities in Apache Software Foundation

1,872 results
CVE-2020-11982 (EPSS 7.2%): An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, R…
CVE-2015-2992 (EPSS 7.2%): Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
CVE-2017-12634 (EPSS 7.2%): The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerab…
CVE-2016-6817 (HIGH, EPSS 7.2%): The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that wa…
CVE-2016-8747 (HIGH, EPSS 7.2%): An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. H…
CVE-2023-37924 (EPSS 7.2%): Apache Submarine: SQL injection from unauthorized login
CVE-2016-6794 (EPSS 7.2%): When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In…
CVE-2017-12633 (EPSS 7.1%): The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnera…
CVE-2017-7674 (EPSS 7.1%): The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary h…
CVE-2016-5397 (EPSS 7.1%): The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting t…
CVE-2020-1930 (EPSS 7.1%): A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be…
CVE-2021-30468 (EPSS 7.0%): Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter
CVE-2018-11775 (EPSS 7.0%): TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM a…
CVE-2024-32114 (HIGH, EPSS 6.9%): Apache ActiveMQ: Jolokia and REST API were not secured with default configuration
CVE-2018-11757 (EPSS 6.9%): In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may a…
CVE-2018-8005 (EPSS 6.9%): When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause perfor…
CVE-2021-30639 (EPSS 6.9%): DoS after non-blocking IO error
CVE-2018-11796 (EPSS 6.9%): In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset()…
CVE-2017-5656 (EPSS 6.8%): Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means…
CVE-2018-8018 (EPSS 6.8%): In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/…
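Three of the entries above (CVE-2017-12634 and CVE-2017-12633 in Apache Camel, CVE-2018-8018 in Apache Ignite) are the same defect class: Java object deserialization with no allowlist of permitted classes. The following is an added example, not code from this listing or from the Camel or Ignite projects, showing the standard-library mitigation: an ObjectInputFilter that rejects every class not explicitly named. The class names in the allowlist string and the HashMap used as the "unexpected class" stand-in are assumptions chosen for illustration, not a real gadget chain.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;

public class AllowlistDeserializer {

    // Hypothetical allowlist for this example: only these classes may be
    // deserialized. The trailing "!*" rejects everything not listed, which is
    // what turns an open deserializer into a closed one. Depth and array-size
    // limits are also enforced to bound resource use on hostile streams.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=10;maxarray=1000;"
            + "java.lang.String;java.lang.Integer;java.lang.Number;java.util.ArrayList;!*");

    // Deserialize with the filter installed. Any class outside the allowlist
    // causes readObject() to throw InvalidClassException before the class's
    // readObject/readResolve logic can run.
    public static Object readWithAllowlist(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FILTER);   // Java 9+
            return in.readObject();
        }
    }

    // Helper used only to build sample streams for the demonstration.
    public static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(obj);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample 1: a payload made only of allowlisted classes.
        ArrayList<String> allowed = new ArrayList<>(List.of("alpha", "beta"));
        System.out.println("accepted: " + readWithAllowlist(serialize(allowed)));

        // Constructed sample 2: a class that is not on the allowlist. HashMap is
        // harmless here; it stands in for whatever class an attacker's stream names.
        byte[] unexpected = serialize(new HashMap<String, String>());
        try {
            readWithAllowlist(unexpected);
            System.out.println("BUG: unlisted class was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run with `java AllowlistDeserializer.java` (Java 11+). The pattern string is the whole policy: keep it short, list concrete classes rather than package wildcards, and end it with `!*` so that adding a dependency to the classpath never silently widens what the application will deserialize.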