apache
2,899 tracked vulnerabilities.
CVE-2023-46288
MEDIUM
Apache Airflow <2.7.0 - Info Disclosure
Oct 23, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-45802
MEDIUM
Apache HTTP Server 2.4.17-2.4.57 - Denial of Service via HTTP/2 Stream Reset
Oct 23, 2023
CVSS 5.9
EPSS 0.03
CVE-2023-43622
HIGH
Apache HTTP Server 2.4.55-2.4.57 - Denial of Service via HTTP/2 Zero Window Size
Oct 23, 2023
CVSS 7.5
EPSS 0.63
CVE-2023-31122
HIGH
Apache HTTP Server <2.4.57 - Buffer Overflow
Oct 23, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-44483
MEDIUM
Apache Santuario XML Security for Java < 2.2.6, 2.3.0-2.3.4 - Private Key Disclosure in Log Files
Oct 20, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-46227
HIGH
Apache InLong <1.8.0 - Use After Free
Oct 19, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-25753
MEDIUM
Apache ShenYu 2.5.1 - Server-Side Request Forgery via /sandbox/proxyGateway requestUrl Parameter
Oct 19, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-41752
HIGH
Apache Traffic Server 8.0.0-8.1.8, 9.0.0-9.2.2 - Exposure of Sensitive Information
Oct 17, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-39456
HIGH
Apache Traffic Server 9.0.0-9.2.2 - Improper Input Validation via Malformed HTTP/2 Frames
Oct 17, 2023
CVSS 7.5
EPSS 0.08
CVE-2023-45757
MEDIUM
Apache bRPC <= 1.6.0 - Cross-Site Scripting in rpcz Page
Oct 16, 2023
CVSS 6.1
EPSS 0.04
CVE-2023-43668
CRITICAL
Apache InLong 1.4.0-1.8.0 - Authorization Bypass via Sensitive Parameter Check Bypass
Oct 16, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-43667
HIGH
Apache InLong <1.9.0 - Info Disclosure
Oct 16, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-43666
MEDIUM
Apache InLong <1.9.0 - Info Disclosure
Oct 16, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-45348
MEDIUM
Apache Airflow 2.7.0-2.7.1 - Authenticated Exposure of Sensitive Configuration Information
Oct 14, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-42792
MEDIUM
Apache Airflow < 2.7.2 - Authenticated DAG Resource Access Control Bypass
Oct 14, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-42780
MEDIUM
Apache Airflow < 2.7.2 - Authenticated Exposure of Sensitive Information via DAG Warning List
Oct 14, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-42663
MEDIUM
Apache Airflow < 2.7.2 - Authenticated Exposure of Sensitive Task Instance Information
Oct 14, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-44981
CRITICAL
Apache ZooKeeper < 3.7.2 - Authorization Bypass via Missing SASL Instance Part
Oct 11, 2023
CVSS 9.1
EPSS 0.00
CVE-2023-37536
HIGH
Xerces-C++ 3.2.3 - Integer Overflow via HTTP Request
Oct 11, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-45648
MEDIUM
NUCLEI
Apache Tomcat 8.5.0-8.5.93, 9.0.0-M1-9.0.81, 10.1.0-M1-10.1.13, 11.0.0-M1-M11 - HTTP Request Smuggling
Oct 10, 2023
CVSS 5.3
EPSS 0.63
CVE-2023-42795
MEDIUM
Apache Tomcat 8.5.0-8.5.93, 9.0.0-M1-9.0.80, 10.1.0-M1-10.1.13, 11.0.0-M1-M11 - Info Disclosure
Oct 10, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-42794
MEDIUM
Apache Tomcat 8.5.85-8.5.93 and 9.0.70-9.0.80 - Denial of Service via Unclosed File Stream
Oct 10, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-44487
HIGH
KEV
HTTP/2 - Denial of Service via Rapid Stream Reset
Oct 10, 2023
CVSS 7.5
EPSS 0.94
CVE-2023-39410
HIGH
Apache Avro <= 1.11.2 - Denial of Service via Memory Exhaustion in Data Deserialization
Sep 29, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-41834
MEDIUM
Apache Flink Stateful Functions 3.1.0-3.2.0 - HTTP Response Splitting via CRLF Injection
Sep 19, 2023
CVSS 6.1
EPSS 0.02
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20