apache

3,095 tracked vulnerabilities.

CVE-2020-13955 MEDIUM
Apache Calcite < 1.26 - Improper Certificate Validation in HttpUtils#getURLConnection
Oct 09, 2020
CVSS 5.9
EPSS 0.02
CVE-2020-9491 HIGH
Apache NiFi 1.2.0-1.11.4 - Use of a Broken or Risky Cryptographic Algorithm
Oct 01, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-9487 HIGH
Apache NiFi 1.0.0-1.11.4 - Unauthenticated Denial of Service via Download Token Flooding
Oct 01, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-9486 HIGH
Apache NiFi 1.10.0-1.11.4 - Sensitive Information Disclosure in Stateless Execution Engine Logs
Oct 01, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-13940 MEDIUM
Apache NiFi 1.0.0-1.11.4 - XML External Entity Injection via Malicious XML Configuration
Oct 01, 2020
CVSS 5.5
EPSS 0.02
CVE-2020-11979 HIGH
Apache Ant <1.10.8 - Code Injection
Oct 01, 2020
CVSS 7.5
EPSS 0.08
CVE-2020-13952 HIGH
Apache Superset < 0.37.2 - Authenticated Information Disclosure and Security Bypass
Sep 30, 2020
CVSS 8.1
EPSS 0.02
CVE-2020-13953 MEDIUM
Apache Tapestry <5.5.0 - Info Disclosure
Sep 30, 2020
CVSS 5.3
EPSS 0.03
CVE-2020-13951 HIGH
Apache OpenMeetings 4.0.0-5.0.0 - Denial of Service via NetTest Web Service
Sep 30, 2020
CVSS 7.5
EPSS 0.70
CVE-2020-13944 MEDIUM
Apache Airflow < 1.10.12 - Cross-Site Scripting via Origin Parameter
Sep 17, 2020
CVSS 6.1
EPSS 0.25
CVE-2020-13948 HIGH
Apache Superset <0.37.1 - Privilege Escalation
Sep 17, 2020
CVSS 8.8
EPSS 0.03
CVE-2020-13928 MEDIUM
Apache Atlas < 2.1.0 - Stored Cross-Site Scripting via Search and Element Rendering
Sep 16, 2020
CVSS 6.1
EPSS 0.03
CVE-2020-11977 HIGH
Apache Syncope 2.1.0-2.1.6 - Authenticated Remote Code Execution via Flowable Shell Service Task
Sep 15, 2020
CVSS 7.2
EPSS 0.03
CVE-2020-11991 HIGH NUCLEI
Apache Cocoon 2.1.12 - XML Injection
Sep 11, 2020
CVSS 7.5
EPSS 0.72
CVE-2020-13920 MEDIUM
Apache ActiveMQ < 5.15.12 - Unauthenticated JMX RMI Registry Manipulation
Sep 10, 2020
CVSS 5.9
EPSS 0.05
CVE-2020-11998 CRITICAL
Apache ActiveMQ JMX RMIConnectorServer - Remote Code Execution
Sep 10, 2020
CVSS 9.8
EPSS 0.51
CVE-2020-11986 CRITICAL
Apache NetBeans <12.0 - Code Injection
Sep 09, 2020
CVSS 9.8
EPSS 0.10
CVE-2020-13946 MEDIUM
Apache Cassandra < 2.1.22, 2.2.18, 3.0.22, 3.11.8, 4.0-beta2 - Credential Exposure via JMX RMI
Sep 01, 2020
CVSS 5.9
EPSS 0.03
CVE-2020-13933 HIGH
Apache Shiro < 1.6.0 - Authentication Bypass via Specially Crafted HTTP Request
Aug 17, 2020
CVSS 7.5
EPSS 0.48
CVE-2020-13941 HIGH
Apache Solr < 8.6.0 - Unauthenticated Arbitrary File Read and Write via Replication Handler Location Parameter
Aug 17, 2020
CVSS 8.8
EPSS 0.04
CVE-2020-11976 HIGH
Apache Wicket <9.0.0-M5 - Info Disclosure
Aug 11, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-9490 HIGH
Apache HTTP Server 2.4.20-2.4.43 - Denial of Service via Crafted Cache-Digest Header
Aug 07, 2020
CVSS 7.5
EPSS 0.90
CVE-2020-11993 HIGH
Apache HTTP Server 2.4.20-2.4.43 - HTTP Request Smuggling via HTTP/2 Module Logging
Aug 07, 2020
CVSS 7.5
EPSS 0.59
CVE-2020-11985 MEDIUM
Apache HTTP Server 2.4.1-2.4.23 - IP Address Spoofing via mod_remoteip and mod_rewrite
Aug 07, 2020
CVSS 5.3
EPSS 0.07
CVE-2020-11984 CRITICAL NUCLEI
Apache HTTP Server - Remote Code Execution
Aug 07, 2020
CVSS 9.8
EPSS 0.90