apache
2,902 tracked vulnerabilities.
CVE-2020-1932
MEDIUM
Apache Superset 0.34.0-0.35.1 - Authenticated Information Disclosure via Undocumented API Endpoint
Jan 28, 2020
CVSS 6.5
EPSS 0.00
CVE-2020-1928
MEDIUM
Apache NiFi 1.10.0 - Sensitive Information Disclosure in Parameter Parser
Jan 28, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-1929
HIGH
Apache Beam 2.10.0-2.16.0 - Improper Certificate Validation in MongoDB Connector
Jan 15, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-1925
HIGH
Apache Olingo 4.0.0-4.7.0 - Server-Side Request Forgery via Location Header
Jan 09, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-5499
CRITICAL
Baidu Rust SGX SDK <1.0.8 - Use After Free
Jan 04, 2020
CVSS 9.8
EPSS 0.02
CVE-2019-10095
CRITICAL
Apache Zeppelin <0.9.0 - Command Injection
Sep 02, 2021
CVSS 9.8
EPSS 0.03
CVE-2019-17567
MEDIUM
Apache HTTP Server 2.4.6-2.4.46 - HTTP Request Smuggling via mod_proxy_wstunnel
Jun 10, 2021
CVSS 5.3
EPSS 0.12
CVE-2019-12412
HIGH
Apache libapreq2 2.07-2.13 - Denial of Service via Multipart Parser Null Pointer Dereference
Nov 19, 2020
CVSS 7.5
EPSS 0.02
CVE-2019-17566
HIGH
Apache Batik < 1.13 - Server-Side Request Forgery via xlink:href Attribute
Nov 12, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-0233
HIGH
Apache Struts 2.0.0-2.5.20 - Denial of Service via File Upload Permission Override
Sep 14, 2020
CVSS 7.5
EPSS 0.08
CVE-2019-0230
CRITICAL
NUCLEI
Apache Struts 2.0.0-2.5.20 - Remote Code Execution via Forced Double OGNL Evaluation
Sep 14, 2020
CVSS 9.8
EPSS 0.94
CVE-2019-17572
MEDIUM
Apache RocketMQ 4.2.0-4.6.0 - Path Traversal via Automatic Topic Creation
May 14, 2020
CVSS 5.3
EPSS 0.02
CVE-2019-17562
CRITICAL
Apache CloudStack < 4.13.1.0 - Buffer Overflow via Baremetal Virtual Router MAC Parameter
May 14, 2020
CVSS 9.8
EPSS 0.02
CVE-2019-17557
MEDIUM
Apache Syncope < 2.0.15 - Cross-Site Scripting via Login Page successMessage Parameter
May 04, 2020
CVSS 5.4
EPSS 0.01
CVE-2019-12425
HIGH
Apache OFBiz 17.12.01 - Host Header Injection
Apr 30, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-0235
HIGH
Apache OFBiz 17.12.01 - Cross-Site Request Forgery
Apr 30, 2020
CVSS 8.8
EPSS 0.05
CVE-2019-17564
CRITICAL
NUCLEI
Apache Dubbo 2.5.0-2.5.9, 2.6.0-2.6.7, 2.7.0-2.7.4 - Remote Code Execution via Unsafe Java Deserialization
Apr 01, 2020
CVSS 9.8
EPSS 0.94
CVE-2019-17561
HIGH
Apache NetBeans <= 11.2 - Improper Verification of Cryptographic Signature
Mar 30, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-17560
CRITICAL
Apache NetBeans <= 11.2 - Improper Certificate Validation in Autoupdate System
Mar 30, 2020
CVSS 9.1
EPSS 0.02
CVE-2019-17565
CRITICAL
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.8, 8.0.0-8.0.5 - HTTP Request Smuggling via Chunked Encoding
Mar 23, 2020
CVSS 9.8
EPSS 0.01
CVE-2019-17559
CRITICAL
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.8, 8.0.0-8.0.5 - HTTP Request Smuggling via Scheme Parsing
Mar 23, 2020
CVSS 9.8
EPSS 0.01
CVE-2019-12416
MEDIUM
Apache DeltaSpike < 1.9.2 and 1.9.4 - Injection in ClientSideWindowStrategy
Mar 19, 2020
CVSS 6.1
EPSS 0.01
CVE-2019-10091
HIGH
Apache Geode < 1.10.0 - Improper Certificate Validation
Mar 16, 2020
CVSS 7.4
EPSS 0.00
CVE-2019-14892
CRITICAL
jackson-databind < 2.6.7.3 - Remote Code Execution via Polymorphic Deserialization
Mar 02, 2020
CVSS 9.8
EPSS 0.01
CVE-2019-17569
MEDIUM
Apache Tomcat 7.0.98-7.0.99, 8.5.48-8.5.50, 9.0.28-9.0.30 - HTTP Request Smuggling via Invalid Transfer-Encoding Header
Feb 24, 2020
CVSS 4.8
EPSS 0.06
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20