apache

3,092 tracked vulnerabilities.

CVE-2021-33037 MEDIUM
Apache Tomcat <10.0.7-8.5.67 - Info Disclosure
Jul 12, 2021
CVSS 5.3
EPSS 0.75
CVE-2021-30640 MEDIUM
Apache Tomcat <10.0.6, <9.0.46, <8.5.66 - Auth Bypass
Jul 12, 2021
CVSS 6.5
EPSS 0.10
CVE-2021-30639 HIGH
Apache Tomcat 10.0.3-10.0.4, 9.0.44, 8.5.64 - Denial of Service via Non-Blocking I/O Error Flag
Jul 12, 2021
CVSS 7.5
EPSS 0.07
CVE-2021-30129 MEDIUM
Apache Mina SSHD <2.7.0 - Buffer Overflow
Jul 12, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-33192 MEDIUM
Apache Jena Fuseki 2.0.0-4.0.0 - Cross-Site Scripting in HTML Pages
Jul 05, 2021
CVSS 6.1
EPSS 0.03
CVE-2021-26920 MEDIUM
Apache Druid < 0.22.0 and druid-core < 0.21.0 - Authenticated Arbitrary File Read via HTTP InputSource
Jul 02, 2021
CVSS 6.5
EPSS 0.10
CVE-2021-35474 CRITICAL
Apache Traffic Server <9.0.2 - Buffer Overflow
Jun 30, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-32567 HIGH
Apache Traffic Server 7.0.0-7.1.12 8.0.0-8.1.1 9.0.0-9.0.1 - Denial of Service via HTTP/2 Input Validation
Jun 30, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-32566 HIGH
Apache Traffic Server 7.0.0-7.1.12, 8.0.0-8.1.1, 9.0.0-9.0.1 - Denial of Service via HTTP/2 Input Validation
Jun 30, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-32565 HIGH
Apache Traffic Server 7.0.0-7.1.12, 8.0.0-8.1.1, 9.0.0-9.0.1 - HTTP Request Smuggling via Content-Length Header
Jun 29, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-27577 HIGH
Apache Traffic Server <9.0.2 - Info Disclosure
Jun 29, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-26461 CRITICAL
Apache Nuttx < 10.1.0 - Integer Overflow in Memory Allocation Functions
Jun 21, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-33813 HIGH
JDOM < 2.0.6 - XML External Entity Injection via SAXBuilder
Jun 16, 2021
CVSS 7.5
EPSS 0.19
CVE-2021-30468 HIGH
Apache CXF < 3.3.11 and 3.4.0-3.4.4 - Denial of Service via Malformed JSON
Jun 16, 2021
CVSS 7.5
EPSS 0.07
CVE-2021-31618 HIGH
Apache HTTP Server mod_http2 1.15.17 - Denial of Service via NULL Pointer Dereference in HTTP/2 Header Handling
Jun 15, 2021
CVSS 7.5
EPSS 0.51
CVE-2021-31812 MEDIUM
Apache PDFBox 2.0.0-2.0.23 - Denial of Service via Infinite Loop
Jun 12, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-31811 MEDIUM
Apache PDFBox 2.0.0-2.0.23 - Denial of Service via Crafted PDF File
Jun 12, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-30641 MEDIUM
Apache HTTP Server <2.4.47 - Path Traversal
Jun 10, 2021
CVSS 5.3
EPSS 0.52
CVE-2021-26691 CRITICAL
Apache HTTP Server 2.4.0-2.4.46 - Heap-based Buffer Overflow via SessionHeader
Jun 10, 2021
CVSS 9.8
EPSS 0.68
CVE-2021-26690 HIGH
Apache HTTP Server 2.4.0-2.4.46 - Denial of Service via Crafted Cookie Header in mod_session
Jun 10, 2021
CVSS 7.5
EPSS 0.65
CVE-2021-33190 MEDIUM
Apache APISIX Dashboard <2.6.1 - Info Disclosure
Jun 08, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-29621 MEDIUM
Flask-AppBuilder <= 3.2.3 - Unauthenticated User Enumeration via Timing Attack
Jun 07, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-30181 CRITICAL
Apache Dubbo 2.5.0-2.6.8 and 2.5.0-2.7.8 - Remote Code Execution via Script Routing Rule Parsing
Jun 01, 2021
CVSS 9.8
EPSS 0.61
CVE-2021-30180 CRITICAL
Apache Dubbo < 2.7.10 - Remote Code Execution via Tag Routing YAML Parsing
Jun 01, 2021
CVSS 9.8
EPSS 0.60
CVE-2021-30179 CRITICAL
Apache Dubbo 2.5.0-2.5.9, 2.6.0-2.6.8, 2.7.0-2.7.9 - Deserialization of Untrusted Data via GenericFilter
Jun 01, 2021
CVSS 9.8
EPSS 0.04