Vulnerabilities in Apache Software Foundation

1,872 results
CVE-2022-35741 | Apache CloudStack SAML Single Sign-On XXE | EPSS 6.7%
CVE-2018-1295 | In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, whic | EPSS 6.7%
CVE-2021-41079 | Apache Tomcat DoS with unexpected TLS packet | EPSS 6.7%
CVE-2021-22696 | OAuth 2 authorization service vulnerable to DDos attacks | EPSS 6.6%
CVE-2017-3163 | When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a | EPSS 6.6%
CVE-2021-30638 | An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later | EPSS 6.6%
CVE-2021-37579 | Bypass deserialization checks in Apache Dubbo | EPSS 6.5%
CVE-2020-1931 | A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be conf | EPSS 6.5%
CVE-2016-8734 | Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-servi | EPSS 6.4%
CVE-2020-13959 | Velocity Tools XSS Vulnerability | EPSS 6.4%
CVE-2017-3156 | The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signat | EPSS 6.3%
CVE-2018-8004 | There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS | EPSS 6.3%
CVE-2024-52316 | CRITICAL | Apache Tomcat: Authentication bypass when using Jakarta Authentication API | EPSS 6.3%
CVE-2017-3159 | Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead | EPSS 6.3%
CVE-2023-41835 | HIGH | Apache Struts: excessive disk usage | EPSS 6.3%
CVE-2021-23926 | XMLBeans XML Entity Expansion | EPSS 6.3%
CVE-2017-15702 | In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of whi | EPSS 6.2%
CVE-2017-3162 | HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not | EPSS 6.2%
CVE-2017-15706 | As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7 | EPSS 6.2%
CVE-2016-8741 | The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among th | EPSS 6.2%