apache

3,095 tracked vulnerabilities.

CVE-2020-17513 MEDIUM
Apache Airflow < 1.10.13 - Server-Side Request Forgery via Charts and Query View
Dec 14, 2020
CVSS 5.3
EPSS 0.04
CVE-2020-17511 MEDIUM
Apache Airflow < 1.10.13 - Cleartext Storage of Sensitive Information in Log Table
Dec 14, 2020
CVSS 6.5
EPSS 0.03
CVE-2020-17515 MEDIUM
Apache Airflow < 1.10.15 - Cross-Site Scripting via Origin Parameter
Dec 11, 2020
CVSS 6.1
EPSS 0.16
CVE-2020-17530 CRITICAL KEVNUCLEI
Apache Struts 2 Forced Multi OGNL Evaluation
Dec 11, 2020
CVSS 9.8
EPSS 0.96
CVE-2020-17529 CRITICAL
Apache NuttX <9.1.0, 10.0.0 - Memory Corruption
Dec 09, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-17528 CRITICAL
Apache NuttX <10.0.0 - Memory Corruption
Dec 09, 2020
CVSS 9.1
EPSS 0.03
CVE-2020-17531 CRITICAL
Apache Tapestry 4 - Deserialization
Dec 08, 2020
CVSS 9.8
EPSS 0.10
CVE-2020-17521 MEDIUM
Apache Groovy <4.0.0 - Info Disclosure
Dec 07, 2020
CVSS 5.5
EPSS 0.01
CVE-2020-13945 MEDIUM NUCLEI
Apache APISIX <1.6 - Privilege Escalation
Dec 07, 2020
CVSS 6.5
EPSS 0.73
CVE-2020-17527 HIGH
Apache Tomcat <10.0.0-M9, 9.0.39, 8.5.59 - Info Disclosure
Dec 03, 2020
CVSS 7.5
EPSS 0.25
CVE-2020-25649 HIGH
jackson-databind 2.6.0-2.6.7.3 - XML External Entity Injection
Dec 03, 2020
CVSS 7.5
EPSS 0.18
CVE-2020-13956 MEDIUM
Apache HttpClient <4.5.13, 5.0.3 - SSRF
Dec 02, 2020
CVSS 5.3
EPSS 0.09
CVE-2020-11990 LOW
Cordova (Android) - Info Disclosure
Dec 01, 2020
CVSS 3.3
EPSS 0.01
CVE-2020-27218 MEDIUM
Eclipse Jetty 9.4.0-9.4.34 - Sensitive Information Exposure via GZIP Request Body Reuse
Nov 28, 2020
CVSS 4.8
EPSS 0.08
CVE-2020-13942 CRITICAL NUCLEI
Apache Unomi 1.5.0-1.5.1 - Unauthenticated Remote Code Execution via /context.json Endpoint
Nov 24, 2020
CVSS 9.8
EPSS 0.68
CVE-2020-13958 HIGH
Apache OpenOffice 4.0.0-4.1.7 - Unauthenticated Arbitrary Executable Execution via Hyperlink in Scripting Events
Nov 17, 2020
CVSS 7.8
EPSS 0.03
CVE-2020-26217 HIGH NUCLEI
XStream < 1.4.14 - Remote Code Execution via Blocklist Bypass
Nov 16, 2020
CVSS 8.0
EPSS 0.85
CVE-2020-13954 MEDIUM
Apache CXF < 3.3.8 - Reflected Cross-Site Scripting via styleSheetPath
Nov 12, 2020
CVSS 6.1
EPSS 0.43
CVE-2020-13927 CRITICAL KEVNUCLEI
Apache Airflow < 1.10.11 - Unauthenticated Remote Code Execution via Experimental API
Nov 10, 2020
CVSS 9.8
EPSS 1.00
CVE-2020-17510 CRITICAL
Apache Shiro < 1.7.0 - Authentication Bypass via Crafted HTTP Request
Nov 05, 2020
CVSS 9.8
EPSS 0.09
CVE-2020-27216 HIGH
Eclipse Jetty <9.4.32.v20200930, 10.0.0.alpha1-11.0.0.beta2 - Info ...
Oct 23, 2020
CVSS 7.0
EPSS 0.04
CVE-2020-13937 MEDIUM NUCLEI
Apache Kylin <4.0.0 - Info Disclosure
Oct 19, 2020
CVSS 5.3
EPSS 0.78
CVE-2020-13957 CRITICAL
Apache Solr 6.6.0-6.6.6 7.0.0-7.7.3 8.0.0-8.6.2 - Unauthenticated ConfigSet Upload Bypass
Oct 13, 2020
CVSS 9.8
EPSS 0.79
CVE-2020-15250 MEDIUM
JUnit4 4.7-4.13 - Local Information Disclosure via TemporaryFolder Rule
Oct 12, 2020
CVSS 4.4
EPSS 0.02
CVE-2020-13943 MEDIUM
Apache Tomcat 10.0.0-M1-10.0.0-M7,9.0.0.M1-9.0.37,8.5.0-8.5.57 - In...
Oct 12, 2020
CVSS 4.3
EPSS 0.57