apache

3,095 tracked vulnerabilities.

CVE-2021-26118 HIGH
Apache ActiveMQ Artemis < 2.16.0 - Improper Access Control via OpenWire Advisory Message Creation
Jan 27, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-26117 HIGH
Apache ActiveMQ 5.15.0-5.15.13 and 5.16.0 - Improper Authentication via LDAP Anonymous Bind
Jan 27, 2021
CVSS 7.5
EPSS 0.11
CVE-2021-23901 CRITICAL
Apache Nutch < 1.18 - XML External Entity Injection in DmozParser
Jan 25, 2021
CVSS 9.1
EPSS 0.04
CVE-2021-20190 HIGH
jackson-databind < 2.9.10.7 - Deserialization of Untrusted Data
Jan 19, 2021
CVSS 8.1
EPSS 0.07
CVE-2021-24122 MEDIUM
Apache Tomcat 7.0.0-7.0.106, 8.5.0-8.5.59, 9.0.0.M1-9.0.39, 10.0.0-M1-10.0.0-M9 - JSP Source Code Disclosure
Jan 14, 2021
CVSS 5.9
EPSS 0.23
CVE-2021-23926 CRITICAL
Apache XMLBeans <= 2.6.0 - XML External Entity Injection
Jan 14, 2021
CVSS 9.1
EPSS 0.06
CVE-2020-13929 HIGH
Apache Zeppelin < 0.9.0 - Authentication Bypass
Sep 02, 2021
CVSS 7.5
EPSS 0.03
CVE-2020-9493 CRITICAL
Apache Chainsaw < 2.1.0 - Remote Code Execution via Deserialization
Jun 16, 2021
CVSS 9.8
EPSS 0.05
CVE-2020-35452 HIGH
Apache HTTP Server 2.4.0-2.4.46 - Out-of-bounds Write in mod_auth_digest via Digest Nonce
Jun 10, 2021
CVSS 7.3
EPSS 0.53
CVE-2020-13950 HIGH
Apache HTTP Server 2.4.41-2.4.46 - Denial of Service via Crafted Content-Length and Transfer-Encoding Headers
Jun 10, 2021
CVSS 7.5
EPSS 0.49
CVE-2020-13938 MEDIUM
Apache HTTP Server 2.4.0-2.4.46 - Unauthenticated Denial of Service via Local Stop Command
Jun 10, 2021
CVSS 5.5
EPSS 0.12
CVE-2020-17514 HIGH
Apache Fineract <1.5.0 - Info Disclosure
May 27, 2021
CVSS 7.4
EPSS 0.03
CVE-2020-17517 HIGH
Apache Ozone <1.1.0 - Info Disclosure
Apr 27, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-23922 HIGH
giflib < 5.1.4 - Heap-Based Buffer Over-Read in DumpScreen2RGB
Apr 21, 2021
CVSS 7.1
EPSS 0.02
CVE-2020-1946 CRITICAL
Apache SpamAssassin < 3.4.5 - OS Command Injection via Rule Configuration Files
Mar 25, 2021
CVSS 9.8
EPSS 0.06
CVE-2020-17525 HIGH
Subversion 1.9.0-1.10.6 - Denial of Service via Non-Existing Repository URL
Mar 17, 2021
CVSS 7.5
EPSS 0.40
CVE-2020-13924 HIGH
Apache Ambari < 2.6.2.2 - Path Traversal
Mar 17, 2021
CVSS 7.5
EPSS 0.04
CVE-2020-1926 MEDIUM
Apache Hive <2.3.8 - Info Disclosure
Mar 16, 2021
CVSS 5.9
EPSS 0.02
CVE-2020-13959 MEDIUM
Apache Velocity Tools < 3.1 - Cross-Site Scripting via URL vm File Parameter
Mar 10, 2021
CVSS 6.1
EPSS 0.06
CVE-2020-13936 HIGH
Apache Velocity Engine < 2.3 - Remote Code Execution via Template Modification
Mar 10, 2021
CVSS 8.8
EPSS 0.23
CVE-2020-35451 MEDIUM
Apache Oozie < 5.2.1 - Race Condition in OozieSharelibCLI
Mar 09, 2021
CVSS 4.7
EPSS 0.00
CVE-2020-1936 MEDIUM
Apache Ambari < 2.7.4 - Cross-Site Scripting in Views
Mar 02, 2021
CVSS 6.1
EPSS 0.03
CVE-2020-9479 MEDIUM
Apache AsterixDB < 0.9.5 - Path Traversal via UDF Zip File Extraction
Mar 01, 2021
CVSS 5.5
EPSS 0.02
CVE-2020-27223 MEDIUM
Eclipse Jetty 9.4.6-9.4.36, 10.0.0, 11.0.0 - Denial of Service via Multiple Accept Headers with Quality Parameters
Feb 26, 2021
CVSS 5.2
EPSS 0.78
CVE-2020-11988 HIGH
Apache XmlGraphics Commons < 2.4 - Server-Side Request Forgery via XMPParser
Feb 24, 2021
CVSS 8.2
EPSS 0.07