apache
3,095 tracked vulnerabilities.
CVE-2020-11987
HIGH
Apache Batik < 1.13 - Server-Side Request Forgery via NodePickerPanel
Feb 24, 2021
CVSS 8.2
EPSS 0.14
CVE-2020-13949
HIGH
Apache Thrift 0.9.3-0.13.0 - Uncontrolled Resource Consumption via Short RPC Messages
Feb 12, 2021
CVSS 7.5
EPSS 0.07
CVE-2020-13947
MEDIUM
Apache ActiveMQ 5.15.12-5.16.0 - Stored Cross-Site Scripting in message.jsp
Feb 08, 2021
CVSS 6.1
EPSS 0.79
CVE-2020-17523
CRITICAL
Apache Shiro < 1.7.1 - Authentication Bypass via Crafted HTTP Request
Feb 03, 2021
CVSS 9.8
EPSS 0.86
CVE-2020-17516
HIGH
Apache Cassandra <3.11.10 - Info Disclosure
Feb 03, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-9492
HIGH
Apache Hadoop 2.0.0-2.10.0 and 3.0.0-alpha1-3.2.1 - Incorrect Authorization via WebHDFS SPNEGO Header
Jan 26, 2021
CVSS 8.8
EPSS 0.04
CVE-2020-36230
HIGH
OpenLDAP < 2.4.57 - Denial of Service via X.509 DN Parsing Assertion Failure
Jan 26, 2021
CVSS 7.5
EPSS 0.12
CVE-2020-17522
MEDIUM
Apache Traffic Control <4.1.0 - Info Disclosure
Jan 26, 2021
CVSS 5.8
EPSS 0.04
CVE-2020-17532
HIGH
Apache ServiceComb-Java-Chassis <2.1.4 - Authenticated RCE
Jan 25, 2021
CVSS 8.8
EPSS 0.03
CVE-2020-11997
MEDIUM
Apache Guacamole < 1.2.0 - Unauthorized Connection History Access
Jan 19, 2021
CVSS 4.3
EPSS 0.01
CVE-2020-17534
HIGH
HTML/Java API <1.7.1 - Privilege Escalation
Jan 11, 2021
CVSS 7.0
EPSS 0.00
CVE-2020-17509
HIGH
Apache Traffic Server <8.1.0 - Cache Poisoning
Jan 11, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-17508
HIGH
Apache Traffic Server <8.2 - Info Disclosure
Jan 11, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-13922
MEDIUM
Apache DolphinScheduler < 1.3.2 - Unauthenticated Password Override via API Interface
Jan 11, 2021
CVSS 6.5
EPSS 0.02
CVE-2020-11995
CRITICAL
Apache Dubbo 2.5.0-2.5.9 and 2.7.0-2.7.7 - Remote Code Execution via Hessian2 Deserialization
Jan 11, 2021
CVSS 9.8
EPSS 0.06
CVE-2020-17519
HIGH
KEVNUCLEI
Apache Flink JobManager Traversal
Jan 05, 2021
CVSS 7.5
EPSS 0.98
CVE-2020-17518
HIGH
NUCLEI
Apache Flink <1.11.3-1.12.0 - Path Traversal
Jan 05, 2021
CVSS 7.5
EPSS 0.50
CVE-2020-17533
HIGH
Apache Accumulo <2.0.0 - Privilege Escalation
Dec 29, 2020
CVSS 8.1
EPSS 0.04
CVE-2020-17526
HIGH
NUCLEI
Apache Airflow Webserver <1.10.14 - Info Disclosure
Dec 21, 2020
CVSS 7.7
EPSS 0.23
CVE-2020-17520
MEDIUM
Pulsar manager <0.1.0 - Auth Bypass
Dec 18, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-11974
CRITICAL
Apache DolphinScheduler 1.2.0-1.2.1 - Remote Code Execution via MySQL ConnectorJ
Dec 18, 2020
CVSS 9.8
EPSS 0.08
CVE-2020-28052
HIGH
Legion of the Bouncy Castle BC Java <1.67 - Info Disclosure
Dec 18, 2020
CVSS 8.1
EPSS 0.07
CVE-2020-13931
CRITICAL
Apache TomEE <8.0.4 - Unauthenticated RCE
Dec 18, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-26259
MEDIUM
XStream <1.4.15 - File Deletion
Dec 16, 2020
CVSS 6.8
EPSS 0.82
CVE-2020-26258
MEDIUM
NUCLEI
XStream <1.4.15 - Server-Side Request Forgery via XML Unmarshalling
Dec 16, 2020
CVSS 6.3
EPSS 0.82
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters