apache
2,902 tracked vulnerabilities.
CVE-2021-37578
CRITICAL
Apache jUDDI < 3.3.10 - Remote Code Execution via RMI Deserialization
Jul 29, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-33900
HIGH
Apache Directory Studio < 2.0.0.v20210717-M17 - Cleartext Transmission of Sensitive Information via StartTLS and SASL
Jul 26, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-28131
HIGH
Apache Impala < 4.0.0 - Authenticated Session Hijacking via Logged Session Secrets
Jul 22, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-24117
MEDIUM
Apache Teaclave SGX SDK 1.1.3 - Side-Channel Information Disclosure via Base64 PEM Decoding
Jul 14, 2021
CVSS 4.9
EPSS 0.00
CVE-2021-36374
MEDIUM
Apache Ant <1.9.16, 1.10.11 - Memory Corruption
Jul 14, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-36373
MEDIUM
Apache Ant <1.9.16, 1.10.11 - Memory Corruption
Jul 14, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-36090
HIGH
Apache Commons Compress 1.0-1.20 - Denial of Service via Malicious ZIP Archive
Jul 13, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-35517
HIGH
Apache Commons Compress 1.1-1.19 - Denial of Service via Malicious TAR Archive
Jul 13, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-35516
HIGH
Apache Commons Compress 1.6-1.19 - Denial of Service via Malicious 7Z Archive
Jul 13, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-35515
HIGH
Apache Commons Compress 1.6-1.19 - Denial of Service via Crafted 7Z Archive
Jul 13, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-33037
MEDIUM
Apache Tomcat <10.0.7-8.5.67 - Info Disclosure
Jul 12, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-30640
MEDIUM
Apache Tomcat <10.0.6, <9.0.46, <8.5.66 - Auth Bypass
Jul 12, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-30639
HIGH
Apache Tomcat 10.0.3-10.0.4, 9.0.44, 8.5.64 - Denial of Service via Non-Blocking I/O Error Flag
Jul 12, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-30129
MEDIUM
Apache MINA SSHD <2.7.0 - Buffer Overflow
Jul 12, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-33192
MEDIUM
Apache Jena Fuseki 2.0.0-4.0.0 - Cross-Site Scripting in HTML Pages
Jul 05, 2021
CVSS 6.1
EPSS 0.03
CVE-2021-26920
MEDIUM
Apache Druid < 0.22.0 and druid-core < 0.21.0 - Authenticated Arbitrary File Read via HTTP InputSource
Jul 02, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-35474
CRITICAL
Apache Traffic Server <9.0.2 - Buffer Overflow
Jun 30, 2021
CVSS 9.8
EPSS 0.09
CVE-2021-32567
HIGH
Apache Traffic Server 7.0.0-7.1.12, 8.0.0-8.1.1, 9.0.0-9.0.1 - Denial of Service via HTTP/2 Input Validation
Jun 30, 2021
CVSS 7.5
EPSS 0.08
CVE-2021-32566
HIGH
Apache Traffic Server 7.0.0-7.1.12, 8.0.0-8.1.1, 9.0.0-9.0.1 - Denial of Service via HTTP/2 Input Validation
Jun 30, 2021
CVSS 7.5
EPSS 0.08
CVE-2021-32565
HIGH
Apache Traffic Server 7.0.0-7.1.12, 8.0.0-8.1.1, 9.0.0-9.0.1 - HTTP Request Smuggling via Content-Length Header
Jun 29, 2021
CVSS 7.5
EPSS 0.06
CVE-2021-27577
HIGH
Apache Traffic Server <9.0.2 - Info Disclosure
Jun 29, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-26461
CRITICAL
Apache NuttX < 10.1.0 - Integer Overflow in Memory Allocation Functions
Jun 21, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-33813
HIGH
JDOM < 2.0.6 - XML External Entity Injection via SAXBuilder
Jun 16, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-30468
HIGH
Apache CXF < 3.3.11 and 3.4.0-3.4.4 - Denial of Service via Malformed JSON
Jun 16, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-31618
HIGH
Apache HTTP Server mod_http2 1.15.17 - Denial of Service via NULL Pointer Dereference in HTTP/2 Header Handling
Jun 15, 2021
CVSS 7.5
EPSS 0.11
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20