apache

2,899 tracked vulnerabilities.

CVE-2024-46901 LOW
Apache Subversion <1.14.4 - Info Disclosure
Dec 09, 2024
CVSS 3.1
EPSS 0.06
CVE-2024-45106 HIGH
Apache Ozone 1.4.0 - Authenticated S3 Secret Manipulation via HTTP Endpoint
Dec 03, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-52338 CRITICAL
Apache Arrow R <16.1.0 - Code Injection
Nov 28, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-51569 HIGH
Apache NimBLE <1.8.0 - Info Disclosure
Nov 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-47250 MEDIUM
Apache NimBLE <1.8.0 - Info Disclosure
Nov 26, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-47249 MEDIUM
Apache NimBLE <1.8.0 - Memory Corruption
Nov 26, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-47248 MEDIUM
Apache NimBLE <1.7.0 - Buffer Overflow
Nov 26, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-45719 LOW
Apache Answer <= 1.4.0 - Inadequate Encryption Strength via UUID v1 Token Generation
Nov 22, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-52067 MEDIUM
Apache NiFi <2.0.0-M4 - Info Disclosure
Nov 21, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-31141 MEDIUM
Apache Kafka Clients - Improper Privilege Management
Nov 19, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-52318 MEDIUM
Apache Tomcat <11.0.1-9.0.97 - Memory Corruption
Nov 18, 2024
CVSS 6.1
EPSS 0.15
CVE-2024-52317 MEDIUM
Apache Tomcat <11.0.0-M26,<10.1.30,<9.0.95 - Memory Corruption
Nov 18, 2024
CVSS 6.5
EPSS 0.21
CVE-2024-52316 CRITICAL
Apache Tomcat - Unchecked Error Condition
Nov 18, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-48962 HIGH
Apache OFBiz < 18.12.17 - Cross-Site Request Forgery
Nov 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-47208 CRITICAL
Apache OFBiz <18.12.17 - SSRF/Code Injection
Nov 18, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-45791 HIGH
Apache HertzBeat < 1.6.1 - Exposure of Sensitive Information to an Unauthorized Actor
Nov 18, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-45505 HIGH
Apache HertzBeat <1.6.1 - Command Injection
Nov 18, 2024
CVSS 8.8
EPSS 0.04
CVE-2024-41151 HIGH
Apache HertzBeat < 1.6.1 - Authenticated Deserialization of Untrusted Data
Nov 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-45784 HIGH
Apache Airflow <2.10.3 - Info Disclosure
Nov 15, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-50306 CRITICAL
Apache Traffic Server <9.2.6, <10.0.2 - Privilege Escalation
Nov 14, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-50305 HIGH
Apache Traffic Server 9.2.0-9.2.5 - Denial of Service via Host Header
Nov 14, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-38479 HIGH
Apache Traffic Server <9.2.11 - Info Disclosure
Nov 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-50386 HIGH
Apache CloudStack 4.0.0-4.18.2.4 and 4.19.0.0-4.19.1.2 - Unauthenticated Template Registration to Host Filesystem Access
Nov 12, 2024
CVSS 8.5
EPSS 0.01
CVE-2024-50378 MEDIUM
Apache Airflow < 2.10.3 - Authenticated Sensitive Information Exposure in Audit Logs
Nov 08, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-51504 CRITICAL
Apache ZooKeeper 3.9.0-3.9.2 - Authentication Bypass by Spoofing via X-Forwarded-For Header
Nov 07, 2024
CVSS 9.1
EPSS 0.00
Products
http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 nifi 46 solr 46 cloudstack 45 cxf 43 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20
Quick Filters
Critical CVEs With Exploits In CISA KEV