Apache Software Foundation
564 tracked vulnerabilities.
CVE-2016-6806
HIGH
Apache Wicket 6.x < 6.25.0, 7.x < 7.5.0, 8.0.0-M1 - Cross-Site Request Forgery
Oct 03, 2017
CVSS 8.8
EPSS 0.01
CVE-2016-8738
MEDIUM
Apache Struts 2.5-2.5.5 - Denial of Service via URLValidator
Sep 20, 2017
CVSS 5.9
EPSS 0.03
CVE-2016-6795
CRITICAL
Apache Struts 2.3.x < 2.3.31 and 2.5.x < 2.5.5 - Remote Code Execution via Path Traversal
Sep 20, 2017
CVSS 9.8
EPSS 0.08
CVE-2016-8744
HIGH
Apache Brooklyn <0.10.0 - Code Injection
Sep 13, 2017
CVSS 8.8
EPSS 0.04
CVE-2016-8737
HIGH
Apache Brooklyn < 0.10.0 - Cross-Site Request Forgery
Sep 13, 2017
CVSS 8.8
EPSS 0.01
CVE-2016-3086
CRITICAL
Apache Hadoop 2.6.0-2.6.4 and 2.7.0-2.7.2 - Unauthorized Sensitive Information Exposure via YARN NodeManager
Sep 05, 2017
CVSS 9.8
EPSS 0.04
CVE-2016-5001
MEDIUM
Apache Hadoop < 2.6.4 and 2.7.0-2.7.1 - Unauthorized File Read via Short-Circuit Reads Token Guessing
Aug 30, 2017
CVSS 5.5
EPSS 0.01
CVE-2016-6800
MEDIUM
Apache OFBiz - Stored Cross-Site Scripting in Blog Article Summary and Content Fields
Aug 30, 2017
CVSS 6.1
EPSS 0.03
CVE-2016-4462
HIGH
Apache OFBiz - Authenticated Remote Code Execution via ExternalLoginKey Freemarker Injection
Aug 30, 2017
CVSS 8.8
EPSS 0.04
CVE-2016-8752
HIGH
Apache Atlas <0.8 - Info Disclosure
Aug 29, 2017
CVSS 7.5
EPSS 0.02
CVE-2016-6796
HIGH
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Auth ...
Aug 11, 2017
CVSS 7.5
EPSS 0.08
CVE-2016-8745
HIGH
Apache Tomcat <9.0.0.M14, 8.5.9, 8.0.40, 7.0.74, 6.0.49 - Info Disc...
Aug 10, 2017
CVSS 7.5
EPSS 0.16
CVE-2016-6817
HIGH
Apache Tomcat 8.5.0-8.5.6 and 9.0.0.M1-9.0.0.M11 - Denial of Service via HTTP/2 Header Parser
Aug 10, 2017
CVSS 7.5
EPSS 0.07
CVE-2016-6797
HIGH
Apache Tomcat 6.0.0-6.0.45, 7.0.0-7.0.70, 8.0.0.RC1-8.0.36, 8.5.0-8.5.4, 9.0.0.M1-9.0.0.M9 - Incorrect Authorization
Aug 10, 2017
CVSS 7.5
EPSS 0.08
CVE-2016-8739
HIGH
Apache CXF <3.0.12, <3.1.9 - Info Disclosure
Aug 10, 2017
CVSS 7.5
EPSS 0.07
CVE-2016-6812
MEDIUM
Apache CXF < 3.0.12 and 3.1.x < 3.1.9 - Cross-Site Scripting via Matrix Parameters in HTTP Transport Module
Aug 10, 2017
CVSS 6.1
EPSS 0.09
CVE-2016-6794
MEDIUM
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Info ...
Aug 10, 2017
CVSS 5.3
EPSS 0.07
CVE-2016-5018
CRITICAL
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Auth ...
Aug 10, 2017
CVSS 9.1
EPSS 0.10
CVE-2016-0762
MEDIUM
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Info ...
Aug 10, 2017
CVSS 5.9
EPSS 0.08
CVE-2016-8743
HIGH
Apache HTTP Server <2.2.32 & 2.4.25 - Info Disclosure
Jul 27, 2017
CVSS 7.5
EPSS 0.13
CVE-2016-2161
HIGH
Apache HTTP Server 2.4.0-2.4.23 - Denial of Service via mod_auth_digest Input
Jul 27, 2017
CVSS 7.5
EPSS 0.21
CVE-2016-0736
HIGH
Apache HTTP Server <2.4.24 - Info Disclosure
Jul 27, 2017
CVSS 7.5
EPSS 0.49
CVE-2016-6798
CRITICAL
Apache Sling XSS Protection API < 1.0.12 - XML External Entity Injection via Insecure SAX Parser
Jul 19, 2017
CVSS 9.8
EPSS 0.04
CVE-2016-5394
MEDIUM
Apache Sling XSS Protection API < 1.0.12 - Cross-Site Scripting via encodeForJSString Method
Jul 19, 2017
CVSS 6.1
EPSS 0.03
CVE-2016-8751
MEDIUM
Apache Ranger < 0.6.3 - Stored Cross-Site Scripting in Custom Policy Conditions
Jun 14, 2017
CVSS 4.8
EPSS 0.02
Products
Apache Tomcat 52
Apache Airflow 42
Apache HTTP Server 36
Apache Camel 33
Apache ActiveMQ 23
Apache OFBiz 22
Apache CXF 20
Apache ActiveMQ All 17
Apache OpenMeetings 16
Apache APISIX 15
Apache ActiveMQ Broker 13
Apache IoTDB 12
Apache NiFi 12
Apache Struts 12
Apache Thrift 11
Apache Atlas 9
Apache DolphinScheduler 8
Apache Answer 7
Apache CloudStack 7
Apache Hadoop 6
Apache OpenOffice 6
Apache Shiro 6
Apache Wicket 6
Apache Kvrocks 5
Apache MINA 5
Apache Ranger 5
Apache ActiveMQ Client 4
Apache Ambari 4
Apache Gravitino 4
Apache Log4j 1.x 4
Quick Filters