apache

3,092 tracked vulnerabilities.

CVE-2021-27738 HIGH
Apache Kylin <3.1.2 - Coordinator API Access and Server-Side Request Forgery
Jan 06, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-36739 MEDIUM
Apache Pluto 3.1.0 - Cross-Site Scripting in MVCBean JSP Portlet Archetype
Jan 06, 2022
CVSS 6.1
EPSS 0.02
CVE-2021-36738 MEDIUM
Apache Pluto < 3.1.1 - Cross-Site Scripting in Applicant MVCBean CDI Portlet
Jan 06, 2022
CVSS 6.1
EPSS 0.02
CVE-2021-36737 MEDIUM
Apache Pluto < 3.1.1 - Cross-Site Scripting in UrlTestPortlet Input Fields
Jan 06, 2022
CVSS 6.1
EPSS 0.02
CVE-2021-40525 CRITICAL
Apache James <3.6.1 - Path Traversal
Jan 04, 2022
CVSS 9.1
EPSS 0.04
CVE-2021-40111 MEDIUM
Apache James < 3.6.1 - Authenticated Denial of Service via Crafted IMAP APPEND and STATUS Commands
Jan 04, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-40110 HIGH
Apache James < 3.6.1 - Denial of Service via IMAP LIST Command Regular Expression
Jan 04, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-38542 MEDIUM
Apache James <3.6.1 - Command Injection
Jan 04, 2022
CVSS 5.9
EPSS 0.02
CVE-2021-34797 HIGH
Apache Geode < 1.12.4 and 1.13.4 - Sensitive Information Exposure in Log Files
Jan 04, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-44832 MEDIUM
Apache Log4j 2.0-beta7-2.17.0 - Remote Code Execution via JDBC Appender JNDI LDAP Data Source
Dec 28, 2021
CVSS 6.6
EPSS 0.98
CVE-2021-45232 CRITICAL NUCLEI
Apache APISIX Dashboard < 2.10.1 - Unauthenticated API Access via Gin Framework Bypass
Dec 27, 2021
CVSS 9.8
EPSS 0.86
CVE-2021-44548 CRITICAL
Apache Solr < 8.11.1 - Path Traversal via DataImportHandler Windows UNC Path
Dec 23, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-44790 CRITICAL
Apache HTTP Server < 2.4.52 - Buffer Overflow in mod_lua Multipart Parser
Dec 20, 2021
CVSS 9.8
EPSS 0.97
CVE-2021-44224 HIGH
Apache HTTP Server 2.4.7-2.4.51 - NULL Pointer Dereference and Server-Side Request Forgery via Forward Proxy
Dec 20, 2021
CVSS 8.2
EPSS 0.82
CVE-2021-41561 HIGH
Apache Parquet-MR 1.9.0-1.11.1 and 1.12.0 - Denial of Service via Malicious Parquet File
Dec 20, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-43083 HIGH
Apache PLC4X - PLC4C <0.9.1 - Buffer Overflow
Dec 19, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-45105 MEDIUM
Apache Log4j 2.0-alpha1-2.16.0 - Denial of Service via Thread Context Map Self-Referential Lookup
Dec 18, 2021
CVSS 5.9
EPSS 1.00
CVE-2021-44145 MEDIUM
Apache NiFi < 1.15.1 - Authenticated Exposure of Sensitive Information via TransformXML Processor
Dec 17, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-45046 CRITICAL KEVNUCLEI
Apache Log4j < 2.12.2 - Remote Code Execution
Dec 14, 2021
CVSS 9.0
EPSS 1.00
CVE-2021-44549 HIGH
Apache Sling Commons Messaging Mail < 2.0 - Improper Certificate Validation
Dec 14, 2021
CVSS 7.4
EPSS 0.02
CVE-2021-4104 HIGH
Apache Log4j 1.2 - Remote Code Execution via JMSAppender JNDI Requests
Dec 14, 2021
CVSS 7.5
EPSS 0.81
CVE-2021-44228 CRITICAL KEVNUCLEI
Log4Shell HTTP Header Injection
Dec 10, 2021
CVSS 10.0
EPSS 1.00
CVE-2021-43410 MEDIUM
Apache Airavata Django Portal <3c5d8c7 - Log Injection
Dec 09, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-44140 CRITICAL
Apache JSPWiki < 2.11.0 - Arbitrary File Deletion via Logout Request
Nov 24, 2021
CVSS 9.1
EPSS 0.06
CVE-2021-40369 MEDIUM
Apache JSPWiki < 2.11.0 - Cross-Site Scripting via Denounce Plugin
Nov 24, 2021
CVSS 6.1
EPSS 0.03