apache

3,092 tracked vulnerabilities.

CVE-2022-23913 HIGH
Apache ActiveMQ Artemis <2.20.0-2.19.1 - DoS
Feb 04, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-23181 HIGH
Apache Tomcat 8.5.55-8.5.73, 9.0.35-9.0.56, 10.0.0-M5-10.0.14, 10.1.0-M1-10.1.0-M8 - TOCTOU Race Condition in FileStore
Jan 27, 2022
CVSS 7.0
EPSS 0.01
CVE-2022-22932 MEDIUM
Apache Karaf < 4.2.15 and 4.3.0-4.3.6 - Path Traversal via obr Commands and karaf-maven-plugin
Jan 26, 2022
CVSS 5.3
EPSS 0.03
CVE-2022-23945 HIGH
Apache ShenYu 2.4.0-2.4.1 - Unauthenticated Missing Authorization via HTTP Registration
Jan 25, 2022
CVSS 7.5
EPSS 0.04
CVE-2022-23944 CRITICAL NUCLEI
Apache ShenYu <2.4.1 - Info Disclosure
Jan 25, 2022
CVSS 9.1
EPSS 0.79
CVE-2022-23223 HIGH
Apache ShenYu 2.4.0-2.4.1 - Unauthenticated Password Disclosure
Jan 25, 2022
CVSS 7.5
EPSS 0.04
CVE-2022-23437 MEDIUM
Apache Xerces-J < 2.12.1 - Denial of Service via Infinite Loop in XML Parser
Jan 24, 2022
CVSS 6.5
EPSS 0.04
CVE-2022-22733 MEDIUM NUCLEI
Apache ShardingSphere ElasticJob-UI <= 3.0.0 - Authenticated Privilege Escalation via Guest Account
Jan 20, 2022
CVSS 6.5
EPSS 0.38
CVE-2022-23307 HIGH
Apache Chainsaw < 2.1.0 - Deserialization of Untrusted Data
Jan 18, 2022
CVSS 8.8
EPSS 0.52
CVE-2022-23305 CRITICAL
Apache Log4j 1.2.x - SQL Injection via JDBCAppender Message Converter
Jan 18, 2022
CVSS 9.8
EPSS 0.67
CVE-2022-23302 HIGH
Apache Log4j 1.x - Deserialization of Untrusted Data via JMSSink Configuration
Jan 18, 2022
CVSS 8.8
EPSS 0.62
CVE-2021-28656 MEDIUM
Apache Zeppelin < 0.9.0 - Cross-Site Request Forgery in Credential Page
Apr 09, 2024
CVSS 5.4
EPSS 0.00
CVE-2021-40331 HIGH
Apache Ranger Hive Plugin <2.4.0 - Privilege Escalation
May 05, 2023
CVSS 8.1
EPSS 0.01
CVE-2021-32824 CRITICAL
Apache Dubbo < 2.6.10 - Unauthenticated Remote Code Execution via Telnet Handler Bean Manipulation
Jan 03, 2023
CVSS 9.8
EPSS 0.03
CVE-2021-28655 MEDIUM
Apache Zeppelin < 0.9.0 - Arbitrary File Deletion via Move Folder to Trash Feature
Dec 16, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-37533 MEDIUM
Apache Commons Net < 3.9.0 - Information Disclosure via FTP PASV Host Redirection
Dec 03, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-42010 CRITICAL
Apache Heron <= 0.20.4-incubating - CRLF Log Injection
Oct 24, 2022
CVSS 9.8
EPSS 0.01
CVE-2021-43980 LOW
Apache Tomcat < 8.5.77 - Race Condition
Sep 28, 2022
CVSS 3.7
EPSS 0.02
CVE-2021-25642 HIGH
Apache Hadoop 2.9.0-2.10.1 - Remote Code Execution via ZKConfigurationStore Deserialization
Aug 25, 2022
CVSS 8.8
EPSS 0.02
CVE-2021-4040 MEDIUM
AMQ Broker < 7.10.0 - Uncontrolled Resource Consumption via Maliciously Crafted Messages
Aug 24, 2022
CVSS 5.3
EPSS 0.02
CVE-2021-37150 HIGH
Apache Traffic Server 8.0.0-9.1.2 - Improper Input Validation in Header Parsing
Aug 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-34538 HIGH
Apache Hive < 3.1.3 - Unauthenticated UDF Manipulation via CREATE and DROP Operations
Jul 16, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-44791 MEDIUM
Apache Druid < 0.22.1 and 0.23.0 - Reflected Cross-Site Scripting via Unescaped URL Parameters
Jul 07, 2022
CVSS 6.1
EPSS 0.02
CVE-2021-37839 MEDIUM
Apache Superset <1.5.1 - Info Disclosure
Jul 06, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-33036 HIGH
Apache Hadoop <2.10.2, <3.2.3, <3.3.2 - Privilege Escalation
Jun 15, 2022
CVSS 8.8
EPSS 0.04