apache
2,902 tracked vulnerabilities.
CVE-2021-41585
HIGH
Apache Traffic Server 5.0.0-9.1.0 - Denial of Service via Socket Connection Handling
Nov 03, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-38161
HIGH
Apache Traffic Server <8.0.9 - Auth Bypass
Nov 03, 2021
CVSS 8.1
EPSS 0.01
CVE-2021-37149
HIGH
Apache Traffic Server 8.0.0-8.1.2 and 9.0.0-9.1.0 - HTTP Request Smuggling via Header Parsing
Nov 03, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-37148
HIGH
Apache Traffic Server 8.0.0-8.1.2 and 9.0.0-9.0.1 - HTTP Request Smuggling via Header Parsing
Nov 03, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-37147
HIGH
Apache Traffic Server 8.0.0-8.1.2 and 9.0.0-9.1.0 - HTTP Request Smuggling via Header Parsing
Nov 03, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-27644
HIGH
Apache DolphinScheduler <1.3.6 - SQL Injection
Nov 01, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-41973
MEDIUM
Apache MINA < 2.0.22 - Denial of Service via Malformed HTTP Request
Nov 01, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-40865
CRITICAL
Apache Storm <2.2.1, <2.3.0, <1.2.4 - Open Redirect
Oct 25, 2021
CVSS 9.8
EPSS 0.46
CVE-2021-38294
CRITICAL
Apache Storm <2.2.1, <1.2.4 - Command Injection
Oct 25, 2021
CVSS 9.8
EPSS 0.82
CVE-2021-41971
HIGH
Apache Superset <= 1.3.0 - Authenticated SQL Injection via Custom URL
Oct 18, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-32609
MEDIUM
Apache Superset <= 1.1 - Stored Cross-Site Scripting in Explore Page Chart Title
Oct 18, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-42340
HIGH
Apache Tomcat 8.5.60-8.5.71, 9.0.40-9.0.53, 10.0.0-M1-10.0.11, 10.1.0-M1-10.1.0-M5 - Memory Leak via WebSocket
Oct 14, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-38295
HIGH
Apache CouchDB - Privilege Escalation
Oct 14, 2021
CVSS 7.3
EPSS 0.09
CVE-2021-42009
MEDIUM
Apache Traffic Control < 5.1.3 - Authenticated Arbitrary Email Spoofing via Delivery Service Request Endpoint
Oct 12, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-41832
HIGH
Apache OpenOffice < 4.1.11 - Cryptographic Signature Verification Bypass
Oct 11, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-41831
MEDIUM
Apache OpenOffice < 4.1.11 - Cryptographic Signature Timestamp Manipulation
Oct 11, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-41830
HIGH
Apache OpenOffice < 4.1.11 - Cryptographic Signature Verification Bypass
Oct 11, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-42013
CRITICAL
KEV NUCLEI
Apache HTTP Server 2.4.49-2.4.50 - Path Traversal and Remote Code Execution via Alias-like Directives
Oct 07, 2021
CVSS 9.8
EPSS 0.94
CVE-2021-40439
MEDIUM
Apache OpenOffice < 4.1.10 - XML External Entity Injection via Crafted ODF Files
Oct 07, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-28129
HIGH
Apache OpenOffice <4.1.8 - Info Disclosure
Oct 07, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-41773
CRITICAL
KEV NUCLEI
Apache 2.4.49/2.4.50 Traversal RCE
Oct 05, 2021
CVSS 9.8
EPSS 0.94
CVE-2021-41524
HIGH
Apache HTTP Server 2.4.49 - Denial of Service via HTTP/2 Request Processing
Oct 05, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-41616
CRITICAL
Apache DB DdlUtils 1.0 - Deserialization of Untrusted Data via BinaryObjectsHelper
Sep 30, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-36749
MEDIUM
NUCLEI
Apache Druid < 0.22.0 - Authenticated Arbitrary File Read via HTTP InputSource
Sep 24, 2021
CVSS 6.5
EPSS 0.94
CVE-2021-33035
HIGH
Apache OpenOffice <= 4.1.10 - Remote Code Execution via DBF Field Size Overflow
Sep 23, 2021
CVSS 7.8
EPSS 0.05
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20