apache
2,902 tracked vulnerabilities.
CVE-2020-8022
HIGH
tomcat - Incorrect Default Permissions
Jun 29, 2020
CVSS 7.7
EPSS 0.00
CVE-2020-11996
HIGH
Apache Tomcat <10.0.0-M6, <9.0.36, <8.5.56 - DoS
Jun 26, 2020
CVSS 7.5
EPSS 0.45
CVE-2020-10727
MEDIUM
ActiveMQ Artemis <2.12.0 - Info Disclosure
Jun 26, 2020
CVSS 5.5
EPSS 0.00
CVE-2020-9494
HIGH
Apache Traffic Server < 6.2.3 - Resource Allocation Without Limits
Jun 24, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-9480
CRITICAL
NUCLEI
Apache Spark <= 2.4.5 - Unauthenticated Remote Code Execution via Standalone Resource Manager
Jun 23, 2020
CVSS 9.8
EPSS 0.88
CVE-2020-11989
CRITICAL
Apache Shiro < 1.5.3 - Authentication Bypass via Spring Dynamic Controllers
Jun 22, 2020
CVSS 9.8
EPSS 0.85
CVE-2020-9495
MEDIUM
Apache Archiva < 2.2.5 - LDAP Injection via Login Form
Jun 19, 2020
CVSS 5.3
EPSS 0.27
CVE-2020-11969
CRITICAL
Apache TomEE 1.0.0-1.7.5, 7.0.0-M1-7.0.7, 7.1.0-7.1.2, 8.0.0-M1-8.0.1 - Unauthenticated JMX Access
Jun 15, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-11980
MEDIUM
Apache Karaf < 4.2.9 - Server-Side Request Forgery via MLet getMBeansFromURL
Jun 12, 2020
CVSS 6.3
EPSS 0.01
CVE-2020-11975
CRITICAL
NUCLEI
Apache Unomi < 1.5.1 and 1.5.2-1.5.3 - Remote Code Execution via OGNL Scripting
Jun 05, 2020
CVSS 9.8
EPSS 0.84
CVE-2020-1963
CRITICAL
Apache Ignite < 2.8.0 - Unauthenticated Arbitrary File Access via H2 SQL Functions
Jun 03, 2020
CVSS 9.1
EPSS 0.05
CVE-2020-1956
HIGH
KEV NUCLEI
Apache Kylin 2.3.0-2.6.5 and 3.0.1 - OS Command Injection via RESTful API
May 22, 2020
CVSS 8.8
EPSS 0.94
CVE-2020-9484
HIGH
NUCLEI
Apache Tomcat < 7.0.108 - Insecure Deserialization
May 20, 2020
CVSS 7.0
EPSS 0.93
CVE-2020-1955
CRITICAL
Apache CouchDB 3.0.0 - Missing Authentication for Critical Function via Misconfiguration
May 20, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-1960
MEDIUM
Apache Flink 1.1.0-1.10.0 - Man-in-the-Middle Attack via JMXRMI Registry Rebinding
May 14, 2020
CVSS 4.7
EPSS 0.00
CVE-2020-1941
MEDIUM
Oracle Flexcube Private Banking - Cross-Site Scripting
May 14, 2020
CVSS 6.1
EPSS 0.05
CVE-2020-11973
CRITICAL
Apache Camel 2.22.0-2.25.0 and 3.0.0-3.1.0 - Deserialization of Untrusted Data via Netty
May 14, 2020
CVSS 9.8
EPSS 0.14
CVE-2020-11972
CRITICAL
Apache Camel 2.22.0-2.25.0 and 3.0.0-3.1.0 - Deserialization of Untrusted Data via RabbitMQ Java Deserialization
May 14, 2020
CVSS 9.8
EPSS 0.07
CVE-2020-11971
HIGH
Apache Camel 2.22.0-3.1.0 - Rebind Flaw in JMX
May 14, 2020
CVSS 7.5
EPSS 0.10
CVE-2020-1945
MEDIUM
Apache Ant 1.1-1.9.14 and 1.10.0-1.10.7 - Information Disclosure and Arbitrary File Write via Temporary Directory
May 14, 2020
CVSS 6.3
EPSS 0.00
CVE-2020-1939
CRITICAL
Apache NuttX apps 6.15-8.2 - NULL Pointer Dereference in ftpd
May 12, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-1961
CRITICAL
Apache Syncope < 2.0.15 and < 2.1.6 - Server-Side Template Injection via Mail Templates
May 04, 2020
CVSS 9.8
EPSS 0.07
CVE-2020-1959
CRITICAL
Apache Syncope < 2.1.6 - Unauthenticated Remote Code Execution via Java EL Expression Injection
May 04, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-9482
MEDIUM
Apache NiFi Registry 0.1.0-0.5.0 - Insufficient Session Expiration
Apr 28, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-9481
HIGH
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.9, 8.0.0-8.0.6 - Resource Consumption via HTTP/2 Slow Read
Apr 27, 2020
CVSS 7.5
EPSS 0.05
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20