apache

3,092 tracked vulnerabilities.

CVE-2021-43557 HIGH
Apache APISIX < 2.10.2 - URI Blocklist Bypass via Unnormalized Request URI
Nov 22, 2021
CVSS 7.5
EPSS 0.15
CVE-2021-41532 MEDIUM
Apache Ozone < 1.2.0 - Unauthenticated Exposure of Sensitive Information via Recon HTTP Endpoints
Nov 19, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-39236 HIGH
Apache Ozone < 1.2.0 - Authenticated User Impersonation via OM Request
Nov 19, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-39235 MEDIUM
Apache Ozone < 1.2.0 - Authenticated Incorrect Permission Assignment for Critical Resource
Nov 19, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-39234 MEDIUM
Apache Ozone < 1.2.0 - Authenticated Security Bypass via Block ID Manipulation
Nov 19, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-39233 CRITICAL
Apache Ozone < 1.2.0 - Unauthenticated Container Request Access
Nov 19, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-39232 HIGH
Apache Ozone < 1.2.0 - Authenticated Missing Authorization for Admin Commands
Nov 19, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-39231 CRITICAL
Apache Ozone < 1.2.0 - Missing Authorization for Internal RPC Endpoints
Nov 19, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-36372 CRITICAL
Apache Ozone <1.2.0 - Info Disclosure
Nov 19, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-42250 MEDIUM
Apache Superset < 1.3.2 - Authenticated Log Forgery via HTTP Endpoint
Nov 17, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-37580 CRITICAL NUCLEI
Apache ShenYu 2.3.0-2.4.0 - Authentication Bypass via JWT Misuse
Nov 16, 2021
CVSS 9.8
EPSS 0.40
CVE-2021-41972 MEDIUM
Apache Superset <= 1.3.1 - Authenticated Database Connection Password Leak
Nov 12, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-43350 CRITICAL
Apache Traffic Control - Info Disclosure
Nov 11, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-26558 HIGH
Apache ShardingSphere-UI 4.1.1-5.0.0 - Deserialization of Untrusted Data
Nov 11, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-43082 CRITICAL
Apache Traffic Server <9.1.0 - Buffer Overflow
Nov 03, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-41585 HIGH
Apache Traffic Server 5.0.0-9.1.0 - Denial of Service via Socket Connection Handling
Nov 03, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-38161 HIGH
Apache Traffic Server <8.0.9 - Auth Bypass
Nov 03, 2021
CVSS 8.1
EPSS 0.02
CVE-2021-37149 HIGH
Apache Traffic Server 8.0.0-8.1.2 and 9.0.0-9.1.0 - HTTP Request Smuggling via Header Parsing
Nov 03, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-37148 HIGH
Apache Traffic Server 8.0.0-8.1.2 and 9.0.0-9.0.1 - HTTP Request Smuggling via Header Parsing
Nov 03, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-37147 HIGH
Apache Traffic Server 8.0.0-8.1.2 and 9.0.0-9.1.0 - HTTP Request Smuggling via Header Parsing
Nov 03, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-27644 HIGH
Apache DolphinScheduler <1.3.6 - SQL Injection
Nov 01, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-41973 MEDIUM
Apache MINA < 2.0.22 - Denial of Service via Malformed HTTP Request
Nov 01, 2021
CVSS 6.5
EPSS 0.04
CVE-2021-40865 CRITICAL
Apache Storm <2.2.1, <2.3.0, <1.2.4 - Open Redirect
Oct 25, 2021
CVSS 9.8
EPSS 0.66
CVE-2021-38294 CRITICAL
Apache Storm <2.2.1, <1.2.4 - Command Injection
Oct 25, 2021
CVSS 9.8
EPSS 0.84
CVE-2021-41971 HIGH
Apache Superset <= 1.3.0 - Authenticated SQL Injection via Custom URL
Oct 18, 2021
CVSS 8.8
EPSS 0.02