apache

3,092 tracked vulnerabilities.

CVE-2021-32609 MEDIUM
Apache Superset <= 1.1 - Stored Cross-Site Scripting in Explore Page Chart Title
Oct 18, 2021
CVSS 5.4
EPSS 0.02
CVE-2021-42340 HIGH
Apache Tomcat 8.5.60-8.5.71, 9.0.40-9.0.53, 10.0.0-M1-10.0.11, 10.1.0-M1-10.1.0-M5 Memory Leak via WebSocket
Oct 14, 2021
CVSS 7.5
EPSS 0.11
CVE-2021-38295 HIGH
Apache CouchDB - Privilege Escalation
Oct 14, 2021
CVSS 7.3
EPSS 0.02
CVE-2021-42009 MEDIUM
Apache Traffic Control < 5.1.3 - Authenticated Arbitrary Email Spoofing via Delivery Service Request Endpoint
Oct 12, 2021
CVSS 4.3
EPSS 0.03
CVE-2021-41832 HIGH
Apache OpenOffice < 4.1.11 - Cryptographic Signature Verification Bypass
Oct 11, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-41831 MEDIUM
Apache OpenOffice < 4.1.11 - Cryptographic Signature Timestamp Manipulation
Oct 11, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-41830 HIGH
Apache OpenOffice < 4.1.11 - Cryptographic Signature Verification Bypass
Oct 11, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-42013 CRITICAL KEVNUCLEI
Apache HTTP Server 2.4.49-2.4.50 - Path Traversal and Remote Code Execution via Alias-like Directives
Oct 07, 2021
CVSS 9.8
EPSS 1.00
CVE-2021-40439 MEDIUM
Apache OpenOffice < 4.1.10 - XML External Entity Injection via Crafted ODF Files
Oct 07, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-28129 HIGH
Apache OpenOffice <4.1.8 - Info Disclosure
Oct 07, 2021
CVSS 7.8
EPSS 0.01
CVE-2021-41773 CRITICAL KEVNUCLEI
Apache 2.4.49/2.4.50 Traversal RCE
Oct 05, 2021
CVSS 9.8
EPSS 1.00
CVE-2021-41524 HIGH
Apache HTTP Server 2.4.49 - Denial of Service via HTTP/2 Request Processing
Oct 05, 2021
CVSS 7.5
EPSS 0.25
CVE-2021-41616 CRITICAL
Apache DB DdlUtils 1.0 - Deserialization of Untrusted Data via BinaryObjectsHelper
Sep 30, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-36749 MEDIUM NUCLEI
Apache Druid < 0.22.0 - Authenticated Arbitrary File Read via HTTP InputSource
Sep 24, 2021
CVSS 6.5
EPSS 0.81
CVE-2021-33035 HIGH
Apache OpenOffice <= 4.1.10 - Remote Code Execution via DBF Field Size Overflow
Sep 23, 2021
CVSS 7.8
EPSS 0.51
CVE-2021-38153 MEDIUM
Apache Kafka <2.8.1-2.8.0 - Timing Attack
Sep 22, 2021
CVSS 5.9
EPSS 0.06
CVE-2021-40690 HIGH
Apache Santuario XML Security for Java < 2.1.7 - Sensitive Information Exposure via XPath Transform
Sep 19, 2021
CVSS 7.5
EPSS 0.11
CVE-2021-41303 CRITICAL
Apache Shiro < 1.8.0 - Authentication Bypass via Spring Boot Integration
Sep 17, 2021
CVSS 9.8
EPSS 0.77
CVE-2021-41079 HIGH
Apache Tomcat 8.5.0-8.5.63 9.0.0-M1-9.0.43 10.0.0-M1-10.0.2 - Denial of Service via TLS Packet Validation Bypass
Sep 16, 2021
CVSS 7.5
EPSS 0.07
CVE-2021-40438 CRITICAL KEVNUCLEI
Apache HTTP Server <2.4.48 - SSRF
Sep 16, 2021
CVSS 9.0
EPSS 1.00
CVE-2021-39275 CRITICAL
Apache HTTP Server < 2.4.49 - Out-of-bounds Write in ap_escape_quotes()
Sep 16, 2021
CVSS 9.8
EPSS 0.36
CVE-2021-39239 HIGH
Apache Jena < 4.1.0 - XML External Entity Injection
Sep 16, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-36160 HIGH
Apache HTTP Server 2.4.30-2.4.48 - Denial of Service via mod_proxy_uwsgi URI Path
Sep 16, 2021
CVSS 7.5
EPSS 0.63
CVE-2021-34798 HIGH
Apache HTTP Server < 2.4.48 - NULL Pointer Dereference
Sep 16, 2021
CVSS 7.5
EPSS 0.65
CVE-2021-40146 CRITICAL
Apache Any23 < 2.5 - Remote Code Execution in YAMLExtractor
Sep 11, 2021
CVSS 9.8
EPSS 0.06