apache
2,899 tracked vulnerabilities.
CVE-2023-33008
MEDIUM
Apache Johnzon <= 1.2.20 - Denial of Service via BigDecimal Deserialization
Jul 07, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-34150
MEDIUM
Apache Any23 < 2.7 - Denial of Service via TikaEncodingDetector
Jul 05, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-35797
CRITICAL
Apache Airflow Hive Provider < 6.1.1 - Remote Code Execution via Principal Parameter
Jul 03, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-22886
HIGH
Apache Airflow JDBC Provider < 4.0.0 - Remote Code Execution via JDBC Connection URL Parameter
Jun 29, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-35798
MEDIUM
Apache Airflow ODBC Provider < 4.0.0 and MSSQL Provider < 3.4.1 - Improper Input Validation in get_sqlalchemy_connection
Jun 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-34395
HIGH
Apache Airflow ODBC Provider < 4.0.0 - Command Injection via ODBC Driver Parameters
Jun 27, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-31469
HIGH
Apache StreamPipes <0.92.0 - Privilege Escalation
Jun 23, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-34981
HIGH
Apache Tomcat 8.5.88-8.5.89, 9.0.74, 10.1.8, 11.0.0-M5 - Information Leak via AJP Response Header Regression
Jun 21, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-34340
CRITICAL
Apache Accumulo 2.1.0 - Improper Authentication
Jun 21, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-35005
MEDIUM
Apache Airflow 2.5.0-2.6.1 - Exposure of Sensitive Information via Configuration UI
Jun 19, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-34396
MEDIUM
Apache Struts <= 2.5.30 and <= 6.1.2 - Denial of Service via Resource Allocation
Jun 14, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-34149
MEDIUM
Apache Struts <= 2.5.30 and <= 6.1.2 - Denial of Service via Resource Allocation
Jun 14, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-33933
HIGH
Apache Traffic Server <9.2.0 - Info Disclosure
Jun 14, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-30631
HIGH
Apache Traffic Server 8.0.0-9.2.0 - Improper Input Validation in PUSH Method Handling
Jun 14, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-34468
HIGH
Apache NiFi 0.0.2-1.21.0 - Authenticated Remote Code Execution via H2 JDBC Database URL
Jun 12, 2023
CVSS 8.8
EPSS 0.78
CVE-2023-34212
MEDIUM
Apache NiFi 1.8.0-1.21.0 - Authenticated Deserialization of Untrusted Data via JNDI URL Configuration
Jun 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-30576
MEDIUM
Apache Guacamole 0.9.10-1.5.1 - Remote Code Execution via RDP Audio Input Buffer Use-After-Free
Jun 07, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-30575
MEDIUM
Apache Guacamole <1.5.1 - Code Injection
Jun 07, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-33234
HIGH
Apache Airflow CNCF Kubernetes Provider <5.0.0 - RCE
May 30, 2023
CVSS 7.2
EPSS 0.00
CVE-2023-30601
HIGH
Apache Cassandra 4.0.0-4.0.9 and 4.1.0-4.1.1 - Privilege Escalation via FQL/Audit Log Configuration
May 30, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-33246
CRITICAL
KEV, NUCLEI
Apache RocketMQ update config RCE
May 24, 2023
CVSS 9.8
EPSS 0.94
CVE-2023-31103
HIGH
Apache InLong <1.6.0 - Privilege Escalation
May 22, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-31101
MEDIUM
Apache InLong <1.7.0 - Info Disclosure
May 22, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-31098
CRITICAL
Apache InLong <1.7.0 - Info Disclosure
May 22, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-31066
CRITICAL
Apache InLong <1.6.0 - Info Disclosure
May 22, 2023
CVSS 9.1
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20