Vulnerabilities in Apache Software Foundation
1,872 results

CVE-2022-28615 | CRITICAL | Read beyond bounds in ap_strcmp_match() | EPSS 5.7%
CVE-2018-11804 | — | Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. | EPSS 5.7%
CVE-2022-29404 | — | Denial of service in mod_lua r:parsebody | EPSS 5.7%
CVE-2016-6813 | — | Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious | EPSS 5.6%
CVE-2017-7660 | — | Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially cra | EPSS 5.5%
CVE-2018-8027 | — | Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. | EPSS 5.5%
CVE-2018-1282 | — | This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/c | EPSS 5.5%
CVE-2021-40146 | — | A Remote Code Execution (RCE) vulnerability exists in Apache Any23 YAMLExtractor.java | EPSS 5.5%
CVE-2016-8750 | — | Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames p | EPSS 5.5%
CVE-2023-34396 | MEDIUM | Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms | EPSS 5.5%
CVE-2018-11762 | — | In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and t | EPSS 5.4%
CVE-2023-34149 | MEDIUM | Apache Struts: DoS via OOM owing to not properly checking of list bounds | EPSS 5.4%
CVE-2018-20242 | — | A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijack | EPSS 5.4%
CVE-2025-54920 | HIGH | Apache Spark: Spark History Server Code Execution Vulnerability | EPSS 5.3%
CVE-2018-1337 | — | In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connecti | EPSS 5.3%
CVE-2021-29943 | — | Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections | EPSS 5.3%
CVE-2018-11771 | — | When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to ret | EPSS 5.3%
CVE-2026-33453 | CRITICAL | Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution | EPSS 5.1%
CVE-2021-44548 | — | Apache Solr information disclosure vulnerability through DataImportHandler | EPSS 5.1%
CVE-2017-15692 | — | In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user g | EPSS 5.1%