apache
2,902 tracked vulnerabilities.
CVE-2021-37533
MEDIUM
Apache Commons Net < 3.9.0 - Information Disclosure via FTP PASV Host Redirection
Dec 03, 2022
CVSS 6.5
EPSS 0.00
CVE-2021-42010
CRITICAL
Apache Heron <= 0.20.4-incubating - CRLF Log Injection
Oct 24, 2022
CVSS 9.8
EPSS 0.02
CVE-2021-43980
LOW
Apache Tomcat < 8.5.77 - Race Condition
Sep 28, 2022
CVSS 3.7
EPSS 0.00
CVE-2021-25642
HIGH
Apache Hadoop 2.9.0-2.10.1 - Remote Code Execution via ZKConfigurationStore Deserialization
Aug 25, 2022
CVSS 8.8
EPSS 0.03
CVE-2021-4040
MEDIUM
AMQ Broker < 7.10.0 - Uncontrolled Resource Consumption via Maliciously Crafted Messages
Aug 24, 2022
CVSS 5.3
EPSS 0.04
CVE-2021-37150
HIGH
Apache Traffic Server 8.0.0-9.1.2 - Improper Input Validation in Header Parsing
Aug 10, 2022
CVSS 7.5
EPSS 0.01
CVE-2021-34538
HIGH
Apache Hive < 3.1.3 - Unauthenticated UDF Manipulation via CREATE and DROP Operations
Jul 16, 2022
CVSS 7.5
EPSS 0.00
CVE-2021-44791
MEDIUM
Apache Druid < 0.22.1 and 0.23.0 - Reflected Cross-Site Scripting via Unescaped URL Parameters
Jul 07, 2022
CVSS 6.1
EPSS 0.06
CVE-2021-37839
MEDIUM
Apache Superset <1.5.1 - Info Disclosure
Jul 06, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-33036
HIGH
Apache Hadoop <2.10.2, <3.2.3, <3.3.2 - Privilege Escalation
Jun 15, 2022
CVSS 8.8
EPSS 0.02
CVE-2021-37404
CRITICAL
Apache Hadoop 2.9.0-2.10.1 and 3.3.0 - Heap Buffer Overflow via Unvalidated File Path
Jun 13, 2022
CVSS 9.8
EPSS 0.01
CVE-2021-28544
MEDIUM
Apache Subversion 1.10.0-1.14.0 - Unauthorized Exposure of Protected Copyfrom Paths
Apr 12, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-31805
CRITICAL
NUCLEI
Apache Struts 2.0.0-2.5.29 - Remote Code Execution via Forced OGNL Evaluation
Apr 12, 2022
CVSS 9.8
EPSS 0.94
CVE-2021-44759
HIGH
Apache Traffic Server 8.0.0-8.1.0 - Improper Authentication in TLS Origin Validation
Mar 23, 2022
CVSS 8.1
EPSS 0.02
CVE-2021-44040
HIGH
Apache Traffic Server 8.0.0-8.1.3 and 9.0.0-9.1.1 - Improper Input Validation in Request Line Parsing
Mar 23, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-38296
HIGH
Apache Spark <3.1.2 - Info Disclosure
Mar 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-45229
MEDIUM
Apache Airflow < 2.2.3 - Stored Cross-Site Scripting via Trigger DAG Origin Query Argument
Feb 25, 2022
CVSS 6.1
EPSS 0.02
CVE-2021-44521
CRITICAL
NUCLEI
Apache Cassandra 3.0.0-3.0.25 - Authenticated Remote Code Execution via User Defined Functions
Feb 11, 2022
CVSS 9.1
EPSS 0.91
CVE-2021-36152
CRITICAL
Apache Gobblin <0.15.0 - Info Disclosure
Feb 04, 2022
CVSS 9.8
EPSS 0.01
CVE-2021-36151
MEDIUM
Apache Gobblin <=0.15.0 - Info Disclosure
Feb 04, 2022
CVSS 5.5
EPSS 0.00
CVE-2021-44451
MEDIUM
NUCLEI
Apache Superset <= 1.3.2 - Authenticated Database Connection Password Exposure
Feb 01, 2022
CVSS 6.5
EPSS 0.75
CVE-2021-41571
MEDIUM
Apache Pulsar < 2.6.4 - Incorrect Authorization in Admin API get-message-by-id
Feb 01, 2022
CVSS 6.5
EPSS 0.01
CVE-2021-41766
HIGH
Apache Karaf < 4.3.6 - Deserialization of Untrusted Data via JMX
Jan 26, 2022
CVSS 8.1
EPSS 0.01
CVE-2021-45029
CRITICAL
Apache ShenYu 2.4.0-2.4.1 - Remote Code Execution via Groovy and SpEL Injection
Jan 25, 2022
CVSS 9.8
EPSS 0.10
CVE-2021-45230
MEDIUM
Apache Airflow <2.2.0 - Privilege Escalation
Jan 20, 2022
CVSS 6.5
EPSS 0.02
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20