Filtered by vendor Apache
Subscriptions
Total
2436 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7679 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Jboss Core Services and 2 more | 2025-04-20 | N/A |
| In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. | ||||
| CVE-2017-7674 | 2 Apache, Redhat | 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-20 | N/A |
| The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. | ||||
| CVE-2017-7673 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. | ||||
| CVE-2017-7676 | 1 Apache | 1 Ranger | 2025-04-20 | N/A |
| Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior. | ||||
| CVE-2017-7680 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains. | ||||
| CVE-2017-7667 | 1 Apache | 1 Nifi | 2025-04-20 | N/A |
| Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. | ||||
| CVE-2017-7666 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | ||||
| CVE-2017-7669 | 1 Apache | 1 Hadoop | 2025-04-20 | N/A |
| In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. | ||||
| CVE-2017-7664 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | ||||
| CVE-2017-7663 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | ||||
| CVE-2017-7665 | 1 Apache | 1 Nifi | 2025-04-20 | N/A |
| In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient. | ||||
| CVE-2017-7672 | 1 Apache | 1 Struts | 2025-04-20 | N/A |
| If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12. | ||||
| CVE-2017-7681 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. | ||||
| CVE-2017-7683 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | ||||
| CVE-2017-6891 | 3 Apache, Debian, Gnu | 3 Bookkeeper, Debian Linux, Libtasn1 | 2025-04-20 | 8.8 High |
| Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. | ||||
| CVE-2017-5659 | 1 Apache | 1 Traffic Server | 2025-04-20 | N/A |
| Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | ||||
| CVE-2017-5656 | 2 Apache, Redhat | 4 Cxf, Jboss Amq, Jboss Fuse and 1 more | 2025-04-20 | N/A |
| Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user. | ||||
| CVE-2017-5662 | 2 Apache, Redhat | 5 Batik, Jboss Amq, Jboss Bpms and 2 more | 2025-04-20 | N/A |
| In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. | ||||
| CVE-2017-7661 | 1 Apache | 1 Cxf Fediz | 2025-04-20 | N/A |
| Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4. | ||||
| CVE-2017-5653 | 2 Apache, Redhat | 3 Cxf, Jboss Amq, Jboss Fuse | 2025-04-20 | N/A |
| JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. | ||||