apache
2,902 tracked vulnerabilities.
CVE-2020-1952
CRITICAL
Apache IoTDB 0.8.0-0.8.2 and 0.9.0-0.9.1 - Unauthenticated Remote Code Execution via JMX Port
Apr 27, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-9488
LOW
Apache Log4j 2.0-2.12.2, 2.13.0 - Improper Certificate Validation in SMTP Appender
Apr 27, 2020
CVSS 3.7
EPSS 0.00
CVE-2020-9489
MEDIUM
Apache Tika < 1.24.1 - Denial of Service via Crafted File in Multiple Parsers
Apr 27, 2020
CVSS 5.5
EPSS 0.00
CVE-2020-1964
CRITICAL
Apache Heron 0.20.0-incubating-0.20.2-incubating - Remote Code Execution via YAML Deserialization
Apr 16, 2020
CVSS 9.8
EPSS 0.10
CVE-2020-1927
MEDIUM
Apache HTTP Server 2.4.0-2.4.41 - URL Redirection to Untrusted Site via Encoded Newlines
Apr 02, 2020
CVSS 6.1
EPSS 0.05
CVE-2020-1958
MEDIUM
Apache Druid 0.17.0 - Authentication Bypass and Information Disclosure via LDAP User Search
Apr 01, 2020
CVSS 6.5
EPSS 0.16
CVE-2020-1954
MEDIUM
Apache CXF < 3.2.13 - Man-in-the-Middle Attack via JMX InstrumentationManager
Apr 01, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-1934
MEDIUM
Apache HTTP Server 2.4.0-2.4.41 - Use of Uninitialized Resource in mod_proxy_ftp
Apr 01, 2020
CVSS 5.3
EPSS 0.27
CVE-2020-1949
MEDIUM
Sling CMS < 0.16.0 - Reflected Cross-Site Scripting via Sling Selector
Apr 01, 2020
CVSS 6.1
EPSS 0.02
CVE-2020-1943
MEDIUM
NUCLEI
Apache OFBiz 16.11.01-16.11.07 - Cross-Site Scripting via Unsanitized contentId Parameter
Apr 01, 2020
CVSS 6.1
EPSS 0.84
CVE-2020-1957
CRITICAL
Apache Shiro < 1.5.2 - Authentication Bypass via Spring Dynamic Controllers
Mar 25, 2020
CVSS 9.8
EPSS 0.89
CVE-2020-1944
CRITICAL
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.8, 8.0.0-8.0.5 - HTTP Request Smuggling
Mar 23, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-1951
MEDIUM
Apache Tika 1.0-1.23 - Denial of Service via Crafted PSD File
Mar 23, 2020
CVSS 5.5
EPSS 0.00
CVE-2020-1950
MEDIUM
Apache Tika 1.0-1.23 - Uncontrolled Resource Consumption in PSDParser
Mar 23, 2020
CVSS 5.5
EPSS 0.00
CVE-2020-1953
CRITICAL
Apache Commons Configuration <2.7 - Code Injection
Mar 13, 2020
CVSS 10.0
EPSS 0.03
CVE-2020-1947
CRITICAL
Apache ShardingSphere 4.0.0-RC3-4.0.0 - Remote Code Execution via SnakeYAML Deserialization
Mar 11, 2020
CVSS 9.8
EPSS 0.85
CVE-2020-1938
CRITICAL
KEV NUCLEI
Apache Tomcat 7.0.0-7.0.99, 8.5.0-8.5.50, 9.0.0.M1-9.0.0.30 - Remote Code Execution via AJP File Read and JSP Processing
Feb 24, 2020
CVSS 9.8
EPSS 0.94
CVE-2020-1935
MEDIUM
Apache Tomcat 7.0.0-7.0.99, 8.5.0-8.5.50, 9.0.0.M1-9.0.30 - HTTP Request Smuggling via Invalid Transfer-Encoding Header
Feb 24, 2020
CVSS 4.8
EPSS 0.01
CVE-2020-1937
HIGH
Apache Kylin 2.3.0-2.3.1 and 2.6.0-2.6.4 - SQL Injection via RESTful API Input
Feb 24, 2020
CVSS 8.8
EPSS 0.07
CVE-2020-1942
HIGH
Apache NiFi 0.0.1-1.11.0 - Sensitive Information Disclosure in Flow Fingerprint Logs
Feb 11, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-5529
HIGH
HtmlUnit < 2.37.0 - Remote Code Execution via Improper Rhino Engine Initialization
Feb 11, 2020
CVSS 8.1
EPSS 0.02
CVE-2020-1931
HIGH
Apache SpamAssassin < 3.4.3 - OS Command Injection via Configuration Files
Jan 30, 2020
CVSS 8.1
EPSS 0.01
CVE-2020-1930
HIGH
Apache SpamAssassin < 3.4.3 - OS Command Injection via Rule Configuration Files
Jan 30, 2020
CVSS 8.1
EPSS 0.01
CVE-2020-1940
HIGH
Apache Jackrabbit Oak 1.2.0-1.22.0 - Sensitive Information Disclosure via Password Change Feature
Jan 28, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-1933
MEDIUM
Apache NiFi 1.0.0-1.10.0 - Cross-Site Scripting via Firefox UI Injection
Jan 28, 2020
CVSS 6.1
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20