Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / apache

apache

2,902 tracked vulnerabilities.

CVE-2020-13959 MEDIUM

Apache Velocity Tools < 3.1 - Cross-Site Scripting via URL vm File Parameter

CVE-2020-13936 HIGH

Apache Velocity Engine < 2.3 - Remote Code Execution via Template Modification

CVE-2020-35451 MEDIUM

Apache Oozie < 5.2.1 - Race Condition in OozieSharelibCLI

CVE-2020-1936 MEDIUM

Apache Ambari < 2.7.4 - Cross-Site Scripting in Views

CVE-2020-9479 MEDIUM

Apache AsterixDB < 0.9.5 - Path Traversal via UDF Zip File Extraction

CVE-2020-27223 MEDIUM

Eclipse Jetty 9.4.6-9.4.36, 10.0.0, 11.0.0 - Denial of Service via Multiple Accept Headers with Quality Parameters

CVE-2020-11988 HIGH

Apache XmlGraphics Commons < 2.4 - Server-Side Request Forgery via XMPParser

CVE-2020-11987 HIGH

Apache Batik < 1.13 - Server-Side Request Forgery via NodePickerPanel

CVE-2020-13949 HIGH

Apache Thrift 0.9.3-0.13.0 - Uncontrolled Resource Consumption via Short RPC Messages

CVE-2020-13947 MEDIUM

Apache ActiveMQ 5.15.12-5.16.0 - Stored Cross-Site Scripting in message.jsp

CVE-2020-17523 CRITICAL

Apache Shiro < 1.7.1 - Authentication Bypass via Crafted HTTP Request

CVE-2020-17516 HIGH

Apache Cassandra <3.11.10 - Info Disclosure

CVE-2020-9492 HIGH

Apache Hadoop 2.0.0-2.10.0 and 3.0.0-alpha1-3.2.1 - Incorrect Authorization via WebHDFS SPNEGO Header

CVE-2020-36230 HIGH

OpenLDAP < 2.4.57 - Denial of Service via X.509 DN Parsing Assertion Failure

CVE-2020-17522 MEDIUM

Apache Traffic Control <4.1.0 - Info Disclosure

CVE-2020-17532 HIGH

Apache ServiceComb-Java-Chassis <2.1.4 - Authenticated RCE

CVE-2020-11997 MEDIUM

Apache Guacamole < 1.2.0 - Unauthorized Connection History Access

CVE-2020-17534 HIGH

HTML/Java API <1.7.1 - Privilege Escalation

CVE-2020-17509 HIGH

Apache Traffic Server <8.1.0 - Cache Poisoning

CVE-2020-17508 HIGH

Apache Traffic Server <8.2 - Info Disclosure

CVE-2020-13922 MEDIUM

Apache DolphinScheduler < 1.3.2 - Unauthenticated Password Override via API Interface

CVE-2020-11995 CRITICAL

Apache Dubbo 2.5.0-2.5.9 and 2.7.0-2.7.7 - Remote Code Execution via Hessian2 Deserialization

CVE-2020-17519 HIGH KEVNUCLEI

Apache Flink JobManager Traversal

CVE-2020-17518 HIGH NUCLEI

Apache Flink <1.11.3-1.12.0 - Path Traversal

CVE-2020-17533 HIGH

Apache Accumulo <2.0.0 - Privilege Escalation

Previous Page 56 of 117 Next

Products

http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 cxf 46 nifi 46 solr 46 cloudstack 45 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy