Vulnerabilities in Apache Software Foundation
1865 results

| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2021-44228 | CRITICAL | Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints | 100.0% | KEV |
| CVE-2017-5638 | CRITICAL | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-mes | 100.0% | KEV |
| CVE-2021-40438 | CRITICAL | mod_proxy SSRF | 100.0% | KEV |
| CVE-2021-45105 | MEDIUM | Apache Log4j2 does not always protect from infinite recursion in lookup evaluation | 100.0% | |
| CVE-2018-11776 | HIGH | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (ei | 100.0% | KEV |
| CVE-2021-41773 | HIGH | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | 100.0% | KEV |
| CVE-2017-12617 | HIGH | When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. | 100.0% | KEV |
| CVE-2024-45195 | CRITICAL | Apache OFBiz: Confused controller-view authorization logic (forced browsing) | 100.0% | KEV |
| CVE-2021-45046 | CRITICAL | Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack | 100.0% | KEV |
| CVE-2021-42013 | CRITICAL | Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | 100.0% | KEV |
| CVE-2024-38475 | CRITICAL | Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. | 100.0% | KEV |
| CVE-2025-24813 | CRITICAL | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | 99.9% | KEV |
| CVE-2022-42889 | — | Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults | 99.9% | |
| CVE-2017-12635 | — | Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x b | 99.8% | |
| CVE-2023-46604 | CRITICAL | Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack | 99.7% | KEV |
| CVE-2017-12615 | HIGH | When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the | 99.6% | KEV |
| CVE-2017-9805 | HIGH | The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStrea | 99.5% | KEV |
| CVE-2024-32113 | CRITICAL | Apache OFBiz: Path traversal leading to RCE | 99.4% | KEV |
| CVE-2024-38856 | HIGH | Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code | 99.4% | KEV |
| CVE-2021-25646 | — | Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. | 99.2% | |