apache

3,095 tracked vulnerabilities.

CVE-2020-11987 HIGH
Apache Batik < 1.13 - Server-Side Request Forgery via NodePickerPanel
Feb 24, 2021
CVSS 8.2
EPSS 0.14
CVE-2020-13949 HIGH
Apache Thrift 0.9.3-0.13.0 - Uncontrolled Resource Consumption via Short RPC Messages
Feb 12, 2021
CVSS 7.5
EPSS 0.07
CVE-2020-13947 MEDIUM
Apache ActiveMQ 5.15.12-5.16.0 - Stored Cross-Site Scripting in message.jsp
Feb 08, 2021
CVSS 6.1
EPSS 0.79
CVE-2020-17523 CRITICAL
Apache Shiro < 1.7.1 - Authentication Bypass via Crafted HTTP Request
Feb 03, 2021
CVSS 9.8
EPSS 0.86
CVE-2020-17516 HIGH
Apache Cassandra <3.11.10 - Info Disclosure
Feb 03, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-9492 HIGH
Apache Hadoop 2.0.0-2.10.0 and 3.0.0-alpha1-3.2.1 - Incorrect Authorization via WebHDFS SPNEGO Header
Jan 26, 2021
CVSS 8.8
EPSS 0.04
CVE-2020-36230 HIGH
OpenLDAP < 2.4.57 - Denial of Service via X.509 DN Parsing Assertion Failure
Jan 26, 2021
CVSS 7.5
EPSS 0.12
CVE-2020-17522 MEDIUM
Apache Traffic Control <4.1.0 - Info Disclosure
Jan 26, 2021
CVSS 5.8
EPSS 0.04
CVE-2020-17532 HIGH
Apache ServiceComb-Java-Chassis <2.1.4 - Authenticated RCE
Jan 25, 2021
CVSS 8.8
EPSS 0.03
CVE-2020-11997 MEDIUM
Apache Guacamole < 1.2.0 - Unauthorized Connection History Access
Jan 19, 2021
CVSS 4.3
EPSS 0.01
CVE-2020-17534 HIGH
HTML/Java API <1.7.1 - Privilege Escalation
Jan 11, 2021
CVSS 7.0
EPSS 0.00
CVE-2020-17509 HIGH
Apache Traffic Server <8.1.0 - Cache Poisoning
Jan 11, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-17508 HIGH
Apache Traffic Server <8.2 - Info Disclosure
Jan 11, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-13922 MEDIUM
Apache DolphinScheduler < 1.3.2 - Unauthenticated Password Override via API Interface
Jan 11, 2021
CVSS 6.5
EPSS 0.02
CVE-2020-11995 CRITICAL
Apache Dubbo 2.5.0-2.5.9 and 2.7.0-2.7.7 - Remote Code Execution via Hessian2 Deserialization
Jan 11, 2021
CVSS 9.8
EPSS 0.06
CVE-2020-17519 HIGH KEVNUCLEI
Apache Flink JobManager Traversal
Jan 05, 2021
CVSS 7.5
EPSS 0.98
CVE-2020-17518 HIGH NUCLEI
Apache Flink <1.11.3-1.12.0 - Path Traversal
Jan 05, 2021
CVSS 7.5
EPSS 0.50
CVE-2020-17533 HIGH
Apache Accumulo <2.0.0 - Privilege Escalation
Dec 29, 2020
CVSS 8.1
EPSS 0.04
CVE-2020-17526 HIGH NUCLEI
Apache Airflow Webserver <1.10.14 - Info Disclosure
Dec 21, 2020
CVSS 7.7
EPSS 0.23
CVE-2020-17520 MEDIUM
Pulsar manager <0.1.0 - Auth Bypass
Dec 18, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-11974 CRITICAL
Apache DolphinScheduler 1.2.0-1.2.1 - Remote Code Execution via MySQL ConnectorJ
Dec 18, 2020
CVSS 9.8
EPSS 0.08
CVE-2020-28052 HIGH
Legion of the Bouncy Castle BC Java <1.67 - Info Disclosure
Dec 18, 2020
CVSS 8.1
EPSS 0.07
CVE-2020-13931 CRITICAL
Apache TomEE <8.0.4 - Unauthenticated RCE
Dec 18, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-26259 MEDIUM
XStream <1.4.15 - File Deletion
Dec 16, 2020
CVSS 6.8
EPSS 0.82
CVE-2020-26258 MEDIUM NUCLEI
XStream <1.4.15 - Server-Side Request Forgery via XML Unmarshalling
Dec 16, 2020
CVSS 6.3
EPSS 0.82