apache

3,092 tracked vulnerabilities.

CVE-2023-41752 HIGH
Apache Traffic Server 8.0.0-8.1.8 9.0.0-9.2.2 - Exposure of Sensitive Information
Oct 17, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-39456 HIGH
Apache Traffic Server 9.0.0-9.2.2 - Improper Input Validation via Malformed HTTP/2 Frames
Oct 17, 2023
CVSS 7.5
EPSS 0.53
CVE-2023-45757 MEDIUM
Apache bRPC <= 1.6.0 - Cross-Site Scripting in rpcz Page
Oct 16, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-43668 CRITICAL
Apache InLong 1.4.0-1.8.0 - Authorization Bypass via Sensitive Parameter Check Bypass
Oct 16, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-43667 HIGH
Apache InLong <1.9.0 - Info Disclosure
Oct 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-43666 MEDIUM
Apache InLong <1.9.0 - Info Disclosure
Oct 16, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-45348 MEDIUM
Apache Airflow 2.7.0-2.7.1 - Authenticated Exposure of Sensitive Configuration Information
Oct 14, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-42792 MEDIUM
Apache Airflow < 2.7.2 - Authenticated DAG Resource Access Control Bypass
Oct 14, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-42780 MEDIUM
Apache Airflow < 2.7.2 - Authenticated Exposure of Sensitive Information via DAG Warning List
Oct 14, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-42663 MEDIUM
Apache Airflow < 2.7.2 - Authenticated Exposure of Sensitive Task Instance Information
Oct 14, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-44981 CRITICAL
Apache ZooKeeper < 3.7.2 - Authorization Bypass via Missing SASL Instance Part
Oct 11, 2023
CVSS 9.1
EPSS 0.02
CVE-2023-37536 HIGH
Xerces-C++ 3.2.3 - Integer Overflow via HTTP Request
Oct 11, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-45648 MEDIUM NUCLEI
Apache Tomcat 8.5.0-8.5.93, 9.0.0-M1-9.0.81, 10.1.0-M1-10.1.13, 11.0.0-M1-M11 HTTP Request Smuggling
Oct 10, 2023
CVSS 5.3
EPSS 0.06
CVE-2023-42795 MEDIUM
Apache Tomcat 8.5.0-8.5.93, 9.0.0-M1-9.0.80, 10.1.0-M1-10.1.13, 11.0.0-M1-M11 Info Disclosure
Oct 10, 2023
CVSS 5.3
EPSS 0.02
CVE-2023-42794 MEDIUM
Apache Tomcat 8.5.85-8.5.93 and 9.0.70-9.0.80 - Denial of Service via Unclosed File Stream
Oct 10, 2023
CVSS 5.9
EPSS 0.02
CVE-2023-44487 HIGH KEV
HTTP/2 - Denial of Service via Rapid Stream Reset
Oct 10, 2023
CVSS 7.5
EPSS 1.00
CVE-2023-39410 HIGH
Apache Avro <= 1.11.2 - Denial of Service via Memory Exhaustion in Data Deserialization
Sep 29, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-41834 MEDIUM
Apache Flink Stateful Functions 3.1.0-3.2.0 - HTTP Response Splitting via CRLF Injection
Sep 19, 2023
CVSS 6.1
EPSS 0.02
CVE-2023-42503 MEDIUM
Apache Commons Compress 1.22-1.23.0 - Denial of Service via Malformed TAR File Modification Time Headers
Sep 14, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-41267 HIGH
Apache Airflow HDFS Provider <4.1.1 - Info Disclosure
Sep 14, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-41081 HIGH
Apache Tomcat Connectors - Auth Bypass
Sep 13, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-40712 MEDIUM
Apache Airflow <2.7.1 - Info Disclosure
Sep 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-40611 MEDIUM
Apache Airflow <2.7.1 - Privilege Escalation
Sep 12, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-39265 LOW
Apache Superset <= 2.1.0 - SQLite Database Connection Manipulation via Alternative Driver Names
Sep 06, 2023
CVSS 3.8
EPSS 0.84
CVE-2023-37941 MEDIUM
Apache Superset 1.5.0-2.1.0 - Remote Code Execution via Metadata Database Deserialization
Sep 06, 2023
CVSS 6.6
EPSS 0.29