apache
3,092 tracked vulnerabilities.
CVE-2021-43557
HIGH
Apache APISIX < 2.10.2 - URI Blocklist Bypass via Unnormalized Request URI
Nov 22, 2021
CVSS 7.5
EPSS 0.15
CVE-2021-41532
MEDIUM
Apache Ozone < 1.2.0 - Unauthenticated Exposure of Sensitive Information via Recon HTTP Endpoints
Nov 19, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-39236
HIGH
Apache Ozone < 1.2.0 - Authenticated User Impersonation via OM Request
Nov 19, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-39235
MEDIUM
Apache Ozone < 1.2.0 - Authenticated Incorrect Permission Assignment for Critical Resource
Nov 19, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-39234
MEDIUM
Apache Ozone < 1.2.0 - Authenticated Security Bypass via Block ID Manipulation
Nov 19, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-39233
CRITICAL
Apache Ozone < 1.2.0 - Unauthenticated Container Request Access
Nov 19, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-39232
HIGH
Apache Ozone < 1.2.0 - Authenticated Missing Authorization for Admin Commands
Nov 19, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-39231
CRITICAL
Apache Ozone < 1.2.0 - Missing Authorization for Internal RPC Endpoints
Nov 19, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-36372
CRITICAL
Apache Ozone <1.2.0 - Info Disclosure
Nov 19, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-42250
MEDIUM
Apache Superset < 1.3.2 - Authenticated Log Forgery via HTTP Endpoint
Nov 17, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-37580
CRITICAL
NUCLEI
Apache ShenYu 2.3.0-2.4.0 - Authentication Bypass via JWT Misuse
Nov 16, 2021
CVSS 9.8
EPSS 0.40
CVE-2021-41972
MEDIUM
Apache Superset <= 1.3.1 - Authenticated Database Connection Password Leak
Nov 12, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-43350
CRITICAL
Apache Traffic Control - Info Disclosure
Nov 11, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-26558
HIGH
Apache ShardingSphere-UI 4.1.1-5.0.0 - Deserialization of Untrusted Data
Nov 11, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-43082
CRITICAL
Apache Traffic Server <9.1.0 - Buffer Overflow
Nov 03, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-41585
HIGH
Apache Traffic Server 5.0.0-9.1.0 - Denial of Service via Socket Connection Handling
Nov 03, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-38161
HIGH
Apache Traffic Server <8.0.9 - Auth Bypass
Nov 03, 2021
CVSS 8.1
EPSS 0.02
CVE-2021-37149
HIGH
Apache Traffic Server 8.0.0-8.1.2 and 9.0.0-9.1.0 - HTTP Request Smuggling via Header Parsing
Nov 03, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-37148
HIGH
Apache Traffic Server 8.0.0-8.1.2 and 9.0.0-9.0.1 - HTTP Request Smuggling via Header Parsing
Nov 03, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-37147
HIGH
Apache Traffic Server 8.0.0-8.1.2 and 9.0.0-9.1.0 - HTTP Request Smuggling via Header Parsing
Nov 03, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-27644
HIGH
Apache DolphinScheduler <1.3.6 - SQL Injection
Nov 01, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-41973
MEDIUM
Apache MINA < 2.0.22 - Denial of Service via Malformed HTTP Request
Nov 01, 2021
CVSS 6.5
EPSS 0.04
CVE-2021-40865
CRITICAL
Apache Storm <2.2.1, <2.3.0, <1.2.4 - Open Redirect
Oct 25, 2021
CVSS 9.8
EPSS 0.66
CVE-2021-38294
CRITICAL
Apache Storm <2.2.1, <1.2.4 - Command Injection
Oct 25, 2021
CVSS 9.8
EPSS 0.84
CVE-2021-41971
HIGH
Apache Superset <= 1.3.0 - Authenticated SQL Injection via Custom URL
Oct 18, 2021
CVSS 8.8
EPSS 0.02
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters