apache

3,092 tracked vulnerabilities.

CVE-2021-38555 CRITICAL
Apache Any23 < 2.5 - XML External Entity Injection in StreamUtils.java
Sep 11, 2021
CVSS 9.1
EPSS 0.03
CVE-2021-38540 CRITICAL NUCLEI
Airflow >=2.0.0-<2.1.3 - RCE/Info Disclosure
Sep 09, 2021
CVSS 9.8
EPSS 0.81
CVE-2021-37579 CRITICAL
Apache Dubbo 2.7.0-2.7.12 - Deserialization of Untrusted Data via Security Check Bypass
Sep 09, 2021
CVSS 9.8
EPSS 0.07
CVE-2021-36161 CRITICAL
Apache Dubbo < 2.7.13 - Remote Code Execution via Format String Injection in toString Call
Sep 09, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-36163 CRITICAL
Apache Dubbo 2.7.0-2.7.12 - Deserialization of Untrusted Data via Hessian Protocol
Sep 07, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-36162 HIGH
Apache Dubbo 2.7.0-2.7.12 and 0-2.7.12 - Remote Code Execution via SnakeYAML Constructor Deserialization
Sep 07, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-27578 MEDIUM
Apache Zeppelin < 0.9.0 - Cross-Site Scripting in Markdown Interpreter
Sep 02, 2021
CVSS 6.1
EPSS 0.03
CVE-2021-25958 MEDIUM
Apache OFBiz 17.12.01-17.12.07 - Information Disclosure via Exception Handling
Aug 30, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-33191 CRITICAL
Apache NiFi MiNiFi C++ <0.10.0 - Privilege Escalation
Aug 24, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-35940 HIGH
Apache Portable Runtime <1.7.0 - Info Disclosure
Aug 23, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-37608 CRITICAL
Apache OFBiz < 17.12.08 - Unrestricted Upload of File with Dangerous Type
Aug 18, 2021
CVSS 9.8
EPSS 0.06
CVE-2021-33580 HIGH
Apache Roller < 6.0.2 - Denial of Service via Regex Catastrophic Backtracking
Aug 18, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-35936 MEDIUM
Apache Airflow < 2.1.2 - Info Disclosure
Aug 16, 2021
CVSS 5.3
EPSS 0.04
CVE-2021-33193 HIGH
Apache HTTP Server <2.4.49 - SSRF
Aug 16, 2021
CVSS 7.5
EPSS 0.46
CVE-2021-21501 HIGH
ServiceComb 1.0.0-1.x.x - Path Traversal
Aug 10, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-37578 CRITICAL
Apache jUDDI < 3.3.10 - Remote Code Execution via RMI Deserialization
Jul 29, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-33900 HIGH
Apache Directory Studio < 2.0.0.v20210717-M17 - Cleartext Transmission of Sensitive Information via StartTLS and SASL
Jul 26, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-28131 HIGH
Apache Impala < 4.0.0 - Authenticated Session Hijacking via Logged Session Secrets
Jul 22, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-24117 MEDIUM
Apache Teaclave SGX SDK 1.1.3 - Side-Channel Information Disclosure via Base64 PEM Decoding
Jul 14, 2021
CVSS 4.9
EPSS 0.02
CVE-2021-36374 MEDIUM
Apache Ant <1.9.16, 1.10.11 - Memory Corruption
Jul 14, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-36373 MEDIUM
Apache Ant <1.9.16, 1.10.11 - Memory Corruption
Jul 14, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-36090 HIGH
Apache Commons Compress 1.0-1.20 - Denial of Service via Malicious ZIP Archive
Jul 13, 2021
CVSS 7.5
EPSS 0.13
CVE-2021-35517 HIGH
Apache Commons Compress 1.1-1.19 - Denial of Service via Malicious TAR Archive
Jul 13, 2021
CVSS 7.5
EPSS 0.11
CVE-2021-35516 HIGH
Apache Commons Compress 1.6-1.19 - Denial of Service via Malicious 7Z Archive
Jul 13, 2021
CVSS 7.5
EPSS 0.12
CVE-2021-35515 HIGH
Apache Commons Compress 1.6-1.19 - Denial of Service via Crafted 7Z Archive
Jul 13, 2021
CVSS 7.5
EPSS 0.12