apache

3,092 tracked vulnerabilities.

CVE-2023-52291 MEDIUM
Apache StreamPark < 2.1.4 - Authenticated Remote Command Execution via Maven Build Args
Jul 17, 2024
CVSS 4.7
EPSS 0.02
CVE-2023-52290 HIGH
Apache StreamPark 2.0.0-2.1.3 - Authenticated SQL Injection via Sort Field
Jul 16, 2024
CVSS 8.1
EPSS 0.01
CVE-2023-49566 HIGH
Apache Linkis <=1.5.0 - Authenticated JNDI Injection via DB2 DataSource Parameters
Jul 15, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-46801 HIGH
Apache Linkis <=1.5.0 - Authenticated RCE
Jul 15, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-41916 MEDIUM
Apache Linkis <1.4.0 - Info Disclosure
Jul 15, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-35701 MEDIUM
Apache Hive 4.0.0-alpha-1 - Remote Code Execution via Malicious JDBC URL
May 03, 2024
CVSS 6.6
EPSS 0.01
CVE-2023-38709 HIGH
Apache HTTP Server <= 2.4.58 - HTTP Response Splitting via Faulty Input Validation
Apr 04, 2024
CVSS 7.3
EPSS 0.04
CVE-2023-41313 CRITICAL
Apache Doris <2.0.0 - Info Disclosure
Mar 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-50740 MEDIUM
Apache Linkis <=1.4.0 - Sensitive Information Disclosure in Oracle Data Source Logs
Mar 06, 2024
CVSS 5.3
EPSS 0.01
CVE-2023-50378 MEDIUM
Apache Ambari < 2.7.8 - Stored Cross-Site Scripting
Mar 01, 2024
CVSS 6.1
EPSS 0.01
CVE-2023-50380 MEDIUM
Apache Ambari <= 2.7.7 - XML External Entity Injection
Feb 27, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-51747 HIGH
Apache James <3.8.1-3.7.5 - SMTP Smuggling
Feb 27, 2024
CVSS 7.1
EPSS 0.01
CVE-2023-51518 CRITICAL
Apache James <3.7.5, 3.8.0 - Privilege Escalation
Feb 27, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-50379 HIGH
Apache Ambari < 2.7.8 - Authenticated Code Injection
Feb 27, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-51653 CRITICAL
Hertzbeat <1.4.1 - Command Injection
Feb 22, 2024
CVSS 9.8
EPSS 0.02
CVE-2023-51389 CRITICAL
Hertzbeat < 1.4.1 - Deserialization of Untrusted Data via SnakeYAML Parser
Feb 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-51388 CRITICAL
Hertzbeat < 1.4.1 - AviatorScript Injection via Unrestricted AviatorEvaluator
Feb 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-51770 HIGH
Apache DolphinScheduler <3.2.1 - Info Disclosure
Feb 20, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-50270 MEDIUM
Apache DolphinScheduler 1.3.8-3.2.0 - Insufficient Session Expiration
Feb 20, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-49250 HIGH
Apache DolphinScheduler <3.2.0 - SSRF
Feb 20, 2024
CVSS 7.3
EPSS 0.01
CVE-2023-49109 CRITICAL
Apache DolphinScheduler <3.2.1 - RCE
Feb 20, 2024
CVSS 9.8
EPSS 0.02
CVE-2023-50386 HIGH
Apache Solr Backup/Restore APIs RCE
Feb 09, 2024
CVSS 8.8
EPSS 0.84
CVE-2023-50298 HIGH
Apache Solr 6.0.0-8.11.2, 9.0.0-9.4.0 - Exposure of Sensitive Information via Streaming Expression zkHost Parameter
Feb 09, 2024
CVSS 7.5
EPSS 0.02
CVE-2023-50292 HIGH
Apache Solr 8.10.0-8.11.2, 9.0.0-9.2.9 - Unauthenticated Remote Code Execution via Schema Designer ConfigSet
Feb 09, 2024
CVSS 7.5
EPSS 0.03
CVE-2023-50291 HIGH
Apache Solr 6.0.0-8.11.2 and 9.0.0-9.2.9 - Authenticated Credential Exposure via /admin/info/properties Endpoint
Feb 09, 2024
CVSS 7.5
EPSS 0.03