Vulnerabilities in Apache Software Foundation

1,872 results
CVE-2018-8024 (EPSS 5.0%): In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster
CVE-2021-26461 (EPSS 5.0%): malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds
CVE-2018-11793 (EPSS 5.0%): When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.
CVE-2017-12619 (EPSS 4.9%): Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was report
CVE-2021-30245 (EPSS 4.9%): Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks
CVE-2019-10078 (EPSS 4.9%): A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to sess
CVE-2017-15697 (EPSS 4.9%): A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code executio
CVE-2017-5643 (EPSS 4.9%): Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
CVE-2017-15707 (EPSS 4.9%): In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack usi
CVE-2018-11798 (EPSS 4.9%): The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in whi
CVE-2017-9799 (EPSS 4.9%): It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically poss
CVE-2023-23638 (MEDIUM, EPSS 4.8%): Apache Dubbo Deserialization Vulnerability Gadgets Bypass
CVE-2018-8036 (EPSS 4.8%): In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an
CVE-2018-1288 (EPSS 4.8%): In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action rese
CVE-2017-7670 (EPSS 4.8%): The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. T
CVE-2016-8736 (EPSS 4.8%): Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
CVE-2019-10076 (EPSS 4.7%): A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to sessio
CVE-2022-22728 (EPSS 4.7%): libapreq2 multipart form parse memory corruption
CVE-2019-12410 (EPSS 4.7%): While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left
CVE-2019-10077 (EPSS 4.7%): A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hija