apache

3,084 tracked vulnerabilities.

CVE-2024-23945 MEDIUM
Apache Hive 1.2.0-4.0.0 and Apache Spark 2.0.0-3.3.4 - Sensitive Information Exposure via Cookie Signature Mismatch
Dec 23, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-56337 CRITICAL
Apache Tomcat 9.0.0-9.0.97, 10.1.0-M1-10.1.33, 11.0.0-M1-11.0.1 - Time-of-check Time-of-use Race Condition
Dec 20, 2024
CVSS 9.8
EPSS 0.09
CVE-2024-56128 MEDIUM
Apache Kafka 0.10.2.0-3.9.0 - Authentication Bypass via SCRAM Nonce Validation Omission
Dec 18, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-54677 MEDIUM
Apache Tomcat 8.5.0-8.5.100, 9.0.0.M1-9.0.97, 10.1.0-M1-10.1.33, 11.0.0-M1-11.0.1 - DoS via Examples Web App
Dec 17, 2024
CVSS 5.3
EPSS 0.02
CVE-2024-50379 CRITICAL
Apache Tomcat 9.0.0-9.0.97, 10.1.0-M1-10.1.33, 11.0.0-M1-11.0.1 - RCE via TOCTOU Race Condition in JSP Compilation
Dec 17, 2024
CVSS 9.8
EPSS 0.44
CVE-2024-55633 MEDIUM
Apache Superset < 4.1.0 - Incorrect Authorization via SQL DML Statement
Dec 12, 2024
CVSS 6.5
EPSS 0.03
CVE-2024-53677 CRITICAL
Apache Struts 2.0.0-6.3.9 - Path Traversal and Remote Code Execution via File Upload
Dec 11, 2024
CVSS 9.8
EPSS 0.78
CVE-2024-53949 MEDIUM
Apache Superset <4.1.0 - Auth Bypass
Dec 09, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-53948 MEDIUM
Apache Superset <4.1.0 - Info Disclosure
Dec 09, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-53947 CRITICAL
Apache Superset <4.1.0 - SQL Injection
Dec 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-46901 LOW
Apache Subversion <1.14.4 - Info Disclosure
Dec 09, 2024
CVSS 3.1
EPSS 0.02
CVE-2024-45106 HIGH
Apache Ozone 1.4.0 - Authenticated S3 Secret Manipulation via HTTP Endpoint
Dec 03, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-52338 CRITICAL
Apache Arrow R <16.1.0 - Code Injection
Nov 28, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-51569 HIGH
Apache NimBLE <1.8.0 - Info Disclosure
Nov 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-47250 MEDIUM
Apache NimBLE <1.8.0 - Info Disclosure
Nov 26, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-47249 MEDIUM
Apache NimBLE <1.8.0 - Memory Corruption
Nov 26, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-47248 MEDIUM
Apache NimBLE <1.7.0 - Buffer Overflow
Nov 26, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-45719 LOW
Apache Answer <= 1.4.0 - Inadequate Encryption Strength via UUID v1 Token Generation
Nov 22, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-52067 MEDIUM
Apache NiFi <2.0.0-M4 - Info Disclosure
Nov 21, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-31141 MEDIUM
Apache Kafka Clients - Improper Privilege Management
Nov 19, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-52318 MEDIUM
Apache Tomcat <11.0.1-9.0.97 - Memory Corruption
Nov 18, 2024
CVSS 6.1
EPSS 0.02
CVE-2024-52317 MEDIUM
Apache Tomcat <11.0.0-M26,<10.1.30,<9.0.95 - Memory Corruption
Nov 18, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-52316 CRITICAL
Apache Tomcat - Unchecked Error Condition
Nov 18, 2024
CVSS 9.8
EPSS 0.06
CVE-2024-48962 HIGH
Apache OFBiz < 18.12.17 - Cross-Site Request Forgery
Nov 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-47208 CRITICAL
Apache OFBiz <18.12.17 - SSRF/Code Injection
Nov 18, 2024
CVSS 9.8
EPSS 0.02