Vulnerabilities in Apache Software Foundation
1,865 results

CVE-2024-27348 | CRITICAL | Apache HugeGraph-Server: Command execution in gremlin | EPSS 99.2% | KEV
CVE-2020-11978 | HIGH | An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the | EPSS 99.1% | KEV
CVE-2017-9791 | CRITICAL | The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message t | EPSS 98.9% | KEV
CVE-2021-26295 | — | RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI | EPSS 98.0%
CVE-2021-44832 | MEDIUM | Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration | EPSS 97.9%
CVE-2020-17519 | CRITICAL | Apache Flink directory traversal attack: reading remote files through the REST API | EPSS 97.9% | KEV
CVE-2023-27524 | HIGH | Apache Superset: Session validation vulnerability when using provided default SECRET_KEY | EPSS 97.4% | KEV
CVE-2021-44790 | — | Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier | EPSS 97.1%
CVE-2023-33246 | CRITICAL | Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function | EPSS 96.6% | KEV
CVE-2026-34197 | HIGH | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans | EPSS 96.3% | KEV
CVE-2022-24112 | CRITICAL | apisix/batch-requests plugin allows overwriting the X-REAL-IP header | EPSS 96.2% | KEV
CVE-2023-51467 | — | Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability | EPSS 96.0%
CVE-2020-17530 | CRITICAL | Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache St | EPSS 95.9% | KEV
CVE-2023-49070 | — | Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present | EPSS 95.4%
CVE-2023-25194 | HIGH | Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect | EPSS 95.3%
CVE-2017-9798 | — | Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, o | EPSS 95.0%
CVE-2024-31309 | HIGH | Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack | EPSS 94.6%
CVE-2018-11784 | — | When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directo | EPSS 94.5%
CVE-2018-1335 | — | From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands int | EPSS 94.1%
CVE-2021-27850 | — | Bypass of the fix for CVE-2019-0195 | EPSS 94.1%