apache
2,904 tracked vulnerabilities.
CVE-2019-14892
CRITICAL
jackson-databind < 2.6.7.3 - Remote Code Execution via Polymorphic Deserialization
Mar 02, 2020
CVSS 9.8
EPSS 0.01
CVE-2019-17569
MEDIUM
Apache Tomcat 7.0.98-7.0.99, 8.5.48-8.5.50, 9.0.28-9.0.30 - HTTP Request Smuggling via Invalid Transfer-Encoding Header
Feb 24, 2020
CVSS 4.8
EPSS 0.06
CVE-2019-12426
MEDIUM
Apache OFBiz <16.11.07 - Info Disclosure
Feb 06, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-20445
CRITICAL
Netty < 4.1.44 - HTTP Request Smuggling via Duplicate Content-Length Header
Jan 29, 2020
CVSS 9.1
EPSS 0.04
CVE-2019-17570
CRITICAL
Apache XML-RPC - Remote Code Execution via Untrusted Deserialization in XmlRpcResponseParser
Jan 23, 2020
CVSS 9.8
EPSS 0.71
CVE-2019-17573
MEDIUM
Apache CXF 3.2.0-3.2.11 - Reflected Cross-Site Scripting via Services Listing Page
Jan 16, 2020
CVSS 6.1
EPSS 0.14
CVE-2019-12423
HIGH
Apache CXF < 3.2.12 - Insufficiently Protected Credentials via JWK Keystore Configuration
Jan 16, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-12398
MEDIUM
Apache Airflow < 1.10.5 - Authenticated Stored Cross-Site Scripting via Metadata Database State Manipulation
Jan 14, 2020
CVSS 4.8
EPSS 0.01
CVE-2019-12399
HIGH
Apache Kafka <2.3.0 - Info Disclosure
Jan 14, 2020
CVSS 7.5
EPSS 0.02
CVE-2019-0219
CRITICAL
Cordova InAppBrowser < 3.0.0 - Arbitrary JavaScript Execution via gap-iab URI
Jan 14, 2020
CVSS 9.8
EPSS 0.09
CVE-2019-17558
HIGH
KEV, NUCLEI
Apache Solr 5.0.0-8.3.1 - Remote Code Execution via Velocity Template Injection
Dec 30, 2019
CVSS 7.5
EPSS 0.94
CVE-2019-19924
MEDIUM
SQLite 3.30.1 - Denial of Service via Incorrect Parser-Tree Rewriting
Dec 24, 2019
CVSS 5.3
EPSS 0.06
CVE-2019-12418
HIGH
Apache Tomcat <9.0.29, 8.5.48, 7.0.98 - RCE
Dec 23, 2019
CVSS 7.0
EPSS 0.00
CVE-2019-17563
HIGH
Apache Tomcat <9.0.29, 8.5.49, 7.0.98 - Session Fixation
Dec 23, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-17571
CRITICAL
Apache Log4j <= 1.2.17 - Deserialization of Untrusted Data via SocketServer
Dec 20, 2019
CVSS 9.8
EPSS 0.34
CVE-2019-19906
HIGH
cyrus-sasl < 2.1.28 - Unauthenticated Denial of Service via Malformed LDAP Packet
Dec 19, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-12414
MEDIUM
Apache Superset < 0.32 - Unauthorized Database Name Exposure in SQLLab Dropdown
Dec 16, 2019
CVSS 5.3
EPSS 0.00
CVE-2019-12413
MEDIUM
Apache Incubator Superset <0.31 - Info Disclosure
Dec 16, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-12420
HIGH
Apache SpamAssassin < 3.4.3 - Uncontrolled Resource Consumption
Dec 12, 2019
CVSS 7.5
EPSS 0.14
CVE-2019-19603
HIGH
SQLite 3.30.1 - Denial of Service via SELECT with Nonexistent VIEW
Dec 09, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-17555
HIGH
Apache Olingo 4.0.0-4.6.0 - Denial of Service via Retry-After Header
Dec 04, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-17556
CRITICAL
Apache Olingo 4.0.0-4.6.0 - Deserialization of Untrusted Data in AbstractService
Dec 04, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-17554
MEDIUM
Apache Olingo 4.0.0-4.6.0 - XML External Entity Injection via XML Content Type Deserialization
Dec 04, 2019
CVSS 5.5
EPSS 0.53
CVE-2019-12421
HIGH
Apache NiFi 1.0.0-1.9.2 - Insufficient Session Expiration via Logout
Nov 19, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-10083
MEDIUM
Apache NiFi 1.3.0-1.9.2 - Unauthorized Sensitive Information Exposure via Process Group API
Nov 19, 2019
CVSS 5.3
EPSS 0.01
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20