apache
3,092 tracked vulnerabilities.
CVE-2021-33037
MEDIUM
Apache Tomcat <10.0.7-8.5.67 - Info Disclosure
Jul 12, 2021
CVSS 5.3
EPSS 0.75
CVE-2021-30640
MEDIUM
Apache Tomcat <10.0.6, <9.0.46, <8.5.66 - Auth Bypass
Jul 12, 2021
CVSS 6.5
EPSS 0.10
CVE-2021-30639
HIGH
Apache Tomcat 10.0.3-10.0.4, 9.0.44, 8.5.64 - Denial of Service via Non-Blocking I/O Error Flag
Jul 12, 2021
CVSS 7.5
EPSS 0.07
CVE-2021-30129
MEDIUM
Apache Mina SSHD <2.7.0 - Buffer Overflow
Jul 12, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-33192
MEDIUM
Apache Jena Fuseki 2.0.0-4.0.0 - Cross-Site Scripting in HTML Pages
Jul 05, 2021
CVSS 6.1
EPSS 0.03
CVE-2021-26920
MEDIUM
Apache Druid < 0.22.0 and druid-core < 0.21.0 - Authenticated Arbitrary File Read via HTTP InputSource
Jul 02, 2021
CVSS 6.5
EPSS 0.10
CVE-2021-35474
CRITICAL
Apache Traffic Server <9.0.2 - Buffer Overflow
Jun 30, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-32567
HIGH
Apache Traffic Server 7.0.0-7.1.12 8.0.0-8.1.1 9.0.0-9.0.1 - Denial of Service via HTTP/2 Input Validation
Jun 30, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-32566
HIGH
Apache Traffic Server 7.0.0-7.1.12, 8.0.0-8.1.1, 9.0.0-9.0.1 - Denial of Service via HTTP/2 Input Validation
Jun 30, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-32565
HIGH
Apache Traffic Server 7.0.0-7.1.12, 8.0.0-8.1.1, 9.0.0-9.0.1 - HTTP Request Smuggling via Content-Length Header
Jun 29, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-27577
HIGH
Apache Traffic Server <9.0.2 - Info Disclosure
Jun 29, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-26461
CRITICAL
Apache Nuttx < 10.1.0 - Integer Overflow in Memory Allocation Functions
Jun 21, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-33813
HIGH
JDOM < 2.0.6 - XML External Entity Injection via SAXBuilder
Jun 16, 2021
CVSS 7.5
EPSS 0.19
CVE-2021-30468
HIGH
Apache CXF < 3.3.11 and 3.4.0-3.4.4 - Denial of Service via Malformed JSON
Jun 16, 2021
CVSS 7.5
EPSS 0.07
CVE-2021-31618
HIGH
Apache HTTP Server mod_http2 1.15.17 - Denial of Service via NULL Pointer Dereference in HTTP/2 Header Handling
Jun 15, 2021
CVSS 7.5
EPSS 0.51
CVE-2021-31812
MEDIUM
Apache PDFBox 2.0.0-2.0.23 - Denial of Service via Infinite Loop
Jun 12, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-31811
MEDIUM
Apache PDFBox 2.0.0-2.0.23 - Denial of Service via Crafted PDF File
Jun 12, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-30641
MEDIUM
Apache HTTP Server <2.4.47 - Path Traversal
Jun 10, 2021
CVSS 5.3
EPSS 0.52
CVE-2021-26691
CRITICAL
Apache HTTP Server 2.4.0-2.4.46 - Heap-based Buffer Overflow via SessionHeader
Jun 10, 2021
CVSS 9.8
EPSS 0.68
CVE-2021-26690
HIGH
Apache HTTP Server 2.4.0-2.4.46 - Denial of Service via Crafted Cookie Header in mod_session
Jun 10, 2021
CVSS 7.5
EPSS 0.65
CVE-2021-33190
MEDIUM
Apache APISIX Dashboard <2.6.1 - Info Disclosure
Jun 08, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-29621
MEDIUM
Flask-AppBuilder <= 3.2.3 - Unauthenticated User Enumeration via Timing Attack
Jun 07, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-30181
CRITICAL
Apache Dubbo 2.5.0-2.6.8 and 2.5.0-2.7.8 - Remote Code Execution via Script Routing Rule Parsing
Jun 01, 2021
CVSS 9.8
EPSS 0.61
CVE-2021-30180
CRITICAL
Apache Dubbo < 2.7.10 - Remote Code Execution via Tag Routing YAML Parsing
Jun 01, 2021
CVSS 9.8
EPSS 0.60
CVE-2021-30179
CRITICAL
Apache Dubbo 2.5.0-2.5.9, 2.6.0-2.6.8, 2.7.0-2.7.9 - Deserialization of Untrusted Data via GenericFilter
Jun 01, 2021
CVSS 9.8
EPSS 0.04
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters