apache
3,095 tracked vulnerabilities.
CVE-2020-13955
MEDIUM
Apache Calcite < 1.26 - Improper Certificate Validation in HttpUtils#getURLConnection
Oct 09, 2020
CVSS 5.9
EPSS 0.02
CVE-2020-9491
HIGH
Apache NiFi 1.2.0-1.11.4 - Use of a Broken or Risky Cryptographic Algorithm
Oct 01, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-9487
HIGH
Apache NiFi 1.0.0-1.11.4 - Unauthenticated Denial of Service via Download Token Flooding
Oct 01, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-9486
HIGH
Apache NiFi 1.10.0-1.11.4 - Sensitive Information Disclosure in Stateless Execution Engine Logs
Oct 01, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-13940
MEDIUM
Apache NiFi 1.0.0-1.11.4 - XML External Entity Injection via Malicious XML Configuration
Oct 01, 2020
CVSS 5.5
EPSS 0.02
CVE-2020-11979
HIGH
Apache Ant <1.10.8 - Code Injection
Oct 01, 2020
CVSS 7.5
EPSS 0.08
CVE-2020-13952
HIGH
Apache Superset < 0.37.2 - Authenticated Information Disclosure and Security Bypass
Sep 30, 2020
CVSS 8.1
EPSS 0.02
CVE-2020-13953
MEDIUM
Apache Tapestry <5.5.0 - Info Disclosure
Sep 30, 2020
CVSS 5.3
EPSS 0.03
CVE-2020-13951
HIGH
Apache OpenMeetings 4.0.0-5.0.0 - Denial of Service via NetTest Web Service
Sep 30, 2020
CVSS 7.5
EPSS 0.70
CVE-2020-13944
MEDIUM
Apache Airflow < 1.10.12 - Cross-Site Scripting via Origin Parameter
Sep 17, 2020
CVSS 6.1
EPSS 0.25
CVE-2020-13948
HIGH
Apache Superset <0.37.1 - Privilege Escalation
Sep 17, 2020
CVSS 8.8
EPSS 0.03
CVE-2020-13928
MEDIUM
Apache Atlas < 2.1.0 - Stored Cross-Site Scripting via Search and Element Rendering
Sep 16, 2020
CVSS 6.1
EPSS 0.03
CVE-2020-11977
HIGH
Apache Syncope 2.1.0-2.1.6 - Authenticated Remote Code Execution via Flowable Shell Service Task
Sep 15, 2020
CVSS 7.2
EPSS 0.03
CVE-2020-11991
HIGH
NUCLEI
Apache Cocoon 2.1.12 - XML Injection
Sep 11, 2020
CVSS 7.5
EPSS 0.72
CVE-2020-13920
MEDIUM
Apache ActiveMQ < 5.15.12 - Unauthenticated JMX RMI Registry Manipulation
Sep 10, 2020
CVSS 5.9
EPSS 0.05
CVE-2020-11998
CRITICAL
Apache ActiveMQ JMX RMIConnectorServer - Remote Code Execution
Sep 10, 2020
CVSS 9.8
EPSS 0.51
CVE-2020-11986
CRITICAL
Apache NetBeans <12.0 - Code Injection
Sep 09, 2020
CVSS 9.8
EPSS 0.10
CVE-2020-13946
MEDIUM
Apache Cassandra < 2.1.22, 2.2.18, 3.0.22, 3.11.8, 4.0-beta2 - Credential Exposure via JMX RMI
Sep 01, 2020
CVSS 5.9
EPSS 0.03
CVE-2020-13933
HIGH
Apache Shiro < 1.6.0 - Authentication Bypass via Specially Crafted HTTP Request
Aug 17, 2020
CVSS 7.5
EPSS 0.48
CVE-2020-13941
HIGH
Apache Solr < 8.6.0 - Unauthenticated Arbitrary File Read and Write via Replication Handler Location Parameter
Aug 17, 2020
CVSS 8.8
EPSS 0.04
CVE-2020-11976
HIGH
Apache Wicket <9.0.0-M5 - Info Disclosure
Aug 11, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-9490
HIGH
Apache HTTP Server 2.4.20-2.4.43 - Denial of Service via Crafted Cache-Digest Header
Aug 07, 2020
CVSS 7.5
EPSS 0.90
CVE-2020-11993
HIGH
Apache HTTP Server 2.4.20-2.4.43 - HTTP Request Smuggling via HTTP/2 Module Logging
Aug 07, 2020
CVSS 7.5
EPSS 0.59
CVE-2020-11985
MEDIUM
Apache HTTP Server 2.4.1-2.4.23 - IP Address Spoofing via mod_remoteip and mod_rewrite
Aug 07, 2020
CVSS 5.3
EPSS 0.07
CVE-2020-11984
CRITICAL
NUCLEI
Apache HTTP Server - Remote Code Execution
Aug 07, 2020
CVSS 9.8
EPSS 0.90
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters