apache

3,092 tracked vulnerabilities.

CVE-2022-37400 HIGH
Apache OpenOffice <4.1.13 - Info Disclosure
Aug 15, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-31780 HIGH
Apache Traffic Server 8.0.0-9.1.2 - HTTP Request Smuggling via HTTP/2 Frame Handling
Aug 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31779 HIGH
Apache Traffic Server 8.0.0-9.1.2 - HTTP Request Smuggling via HTTP/2 Header Parsing
Aug 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31778 HIGH
Apache Traffic Server 8.0.0-9.0.2 - Cache Poisoning via Transfer-Encoding Header
Aug 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-28129 HIGH
Apache Traffic Server 8.0.0-9.1.2 - Improper Input Validation in HTTP/1.1 Header Parsing
Aug 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-25763 HIGH
Apache Traffic Server 8.0.0-9.1.2 - HTTP Request Smuggling via HTTP/2 Request Validation
Aug 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-36125 HIGH
Apache Avro Rust SDK <0.14.0 - Memory Corruption
Aug 09, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-36124 HIGH
Apache Avro Rust SDK <0.14.0 - Memory Corruption
Aug 09, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-35724 HIGH
Apache Avro < 0.14.0 - Denial of Service via Infinite Loop in Data Reader
Aug 09, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-25168 CRITICAL
Apache Hadoop 2.0.0-2.10.1 and 2.10.2-3.3.3 - OS Command Injection via FileUtil.unTar
Aug 04, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-34158 HIGH
Apache JSPWiki < 2.11.3 - Cross-Site Request Forgery via Image Plugin
Aug 04, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-28732 MEDIUM
Apache JSPWiki < 2.11.3 - Cross-Site Scripting via WeblogPlugin
Aug 04, 2022
CVSS 6.1
EPSS 0.82
CVE-2022-28731 MEDIUM
Apache JSPWiki < 2.11.3 - Cross-Site Request Forgery via UserPreferences.jsp
Aug 04, 2022
CVSS 6.5
EPSS 0.56
CVE-2022-28730 MEDIUM
Apache JSPWiki < 2.11.3 - Cross-Site Scripting via Denounce Plugin
Aug 04, 2022
CVSS 6.1
EPSS 0.85
CVE-2022-27166 MEDIUM
Apache JSPWiki <= 2.11.2 - Cross-Site Scripting via XHRHtml2Markup.jsp
Aug 04, 2022
CVSS 6.1
EPSS 0.85
CVE-2022-36364 HIGH
Apache Calcite Avatica JDBC driver - RCE
Jul 28, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-24294 HIGH
Apache MXNet < 1.9.1 - Denial of Service via Crafted Operator Name
Jul 24, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-34169 HIGH
Apache Xalan <2.7.3 - Code Injection
Jul 19, 2022
CVSS 7.5
EPSS 0.16
CVE-2022-35741 CRITICAL
Apache CloudStack >=4.5.0 - XXE Injection
Jul 18, 2022
CVSS 9.8
EPSS 0.08
CVE-2022-36127 HIGH
Apache SkyWalking NodeJS Agent <0.5.1 - DoS
Jul 18, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-33891 HIGH KEVNUCLEI
Apache Spark UI - Privilege Escalation
Jul 18, 2022
CVSS 8.8
EPSS 0.93
CVE-2022-31781 HIGH
Apache Tapestry < 5.8.2 - Regular Expression Denial of Service in ContentType Class
Jul 13, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-28889 MEDIUM
Apache Druid < 0.23.0 - Clickjacking via Missing Content-Security-Policy Header
Jul 07, 2022
CVSS 4.3
EPSS 0.02
CVE-2022-33980 CRITICAL
Apache Commons Configuration <2.8 - RCE
Jul 06, 2022
CVSS 9.8
EPSS 0.43
CVE-2022-32533 CRITICAL
Apache Jetspeed - Cross-Site Scripting via Untrusted User Input
Jul 06, 2022
CVSS 9.8
EPSS 0.04