apache

3,096 tracked vulnerabilities.

CVE-2020-11984 CRITICAL NUCLEI
Apache HTTP Server - Remote Code Execution
Aug 07, 2020
CVSS 9.8
EPSS 0.90
CVE-2020-13921 CRITICAL
Apache SkyWalking < 8.1.0 - SQL Injection via Wildcard Query
Aug 05, 2020
CVSS 9.8
EPSS 0.33
CVE-2020-13932 MEDIUM
Apache ActiveMQ Artemis 2.5.0-2.13.0 - Cross-Site Scripting via MQTT Client-ID or Topic Name
Jul 20, 2020
CVSS 6.1
EPSS 0.04
CVE-2020-9485 MEDIUM
Apache Airflow < 1.10.10 - Stored Cross-Site Scripting in Chart Pages
Jul 17, 2020
CVSS 6.1
EPSS 0.02
CVE-2020-11983 MEDIUM
Apache Airflow < 1.10.10 - Authenticated Stored Cross-Site Scripting in RBAC UI
Jul 17, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-11982 CRITICAL
Apache Airflow < 1.10.10 - Remote Code Execution via CeleryExecutor Deserialization
Jul 17, 2020
CVSS 9.8
EPSS 0.07
CVE-2020-11981 CRITICAL NUCLEI
Apache Airflow < 1.10.10 - OS Command Injection via CeleryExecutor
Jul 17, 2020
CVSS 9.8
EPSS 0.34
CVE-2020-11978 HIGH KEVNUCLEI
Apache Airflow < 1.10.11 - Authenticated Remote Code Execution via Example DAG
Jul 17, 2020
CVSS 8.8
EPSS 0.99
CVE-2020-9496 MEDIUM NUCLEI
Apache OFBiz 17.12.03 - Deserialization of Untrusted Data and Cross-Site Scripting via XML-RPC Requests
Jul 15, 2020
CVSS 6.1
EPSS 0.99
CVE-2020-13923 MEDIUM
Apache OFBiz < 17.12.04 - Insecure Direct Object Reference in Ecommerce Order Processing
Jul 15, 2020
CVSS 5.3
EPSS 0.05
CVE-2020-13935 HIGH NUCLEI
Apache Tomcat 7.0.27-7.0.104, 8.5.0-8.5.56, 9.0.0.M1-9.0.36, 10.0.0-M1-M6 DoS via WebSocket Frame Payload Length
Jul 14, 2020
CVSS 7.5
EPSS 0.88
CVE-2020-13934 HIGH
Apache Tomcat 8.5.1-8.5.56, 9.0.0.M5-9.0.36, 10.0.0-M1-10.0.0-M6 - Denial of Service via h2c Direct Connection
Jul 14, 2020
CVSS 7.5
EPSS 0.64
CVE-2020-1948 CRITICAL
Apache Dubbo < 2.7.7 - Remote Code Execution via Untrusted Data Deserialization
Jul 14, 2020
CVSS 9.8
EPSS 0.14
CVE-2020-13926 CRITICAL
Apache Kylin 2.0.0-3.0.9 - SQL Injection via REST API Configuration Overwrite
Jul 14, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-13925 CRITICAL
Apache Kylin 2.3.0-3.0.9 - OS Command Injection via RESTful API
Jul 14, 2020
CVSS 9.8
EPSS 0.20
CVE-2020-11994 HIGH
Apache Camel 2.22.0-2.22.5 - Server-Side Template Injection and Arbitrary File Disclosure
Jul 08, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-9498 MEDIUM
Apache Guacamole < 1.1.0 - Memory Corruption via RDP Static Virtual Channel
Jul 02, 2020
CVSS 6.7
EPSS 0.01
CVE-2020-9497 MEDIUM
Apache Guacamole < 1.1.0 - Information Disclosure via RDP Static Virtual Channel Data
Jul 02, 2020
CVSS 4.4
EPSS 0.01
CVE-2020-9483 HIGH NUCLEI
Apache SkyWalking 6.0.0-6.6.0 - SQL Injection via GraphQL Metadata Query
Jun 30, 2020
CVSS 7.5
EPSS 0.35
CVE-2020-8022 HIGH
tomcat - Incorrect Default Permissions
Jun 29, 2020
CVSS 7.7
EPSS 0.01
CVE-2020-11996 HIGH
Apache Tomcat <10.0.0-M6, <9.0.36, <8.5.56 - DoS
Jun 26, 2020
CVSS 7.5
EPSS 0.27
CVE-2020-10727 MEDIUM
ActiveMQ Artemis <2.12.0 - Info Disclosure
Jun 26, 2020
CVSS 5.5
EPSS 0.01
CVE-2020-9494 HIGH
Apache Traffic Server < 6.2.3 - Resource Allocation Without Limits
Jun 24, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-9480 CRITICAL NUCLEI
Apache Spark <= 2.4.5 - Unauthenticated Remote Code Execution via Standalone Resource Manager
Jun 23, 2020
CVSS 9.8
EPSS 0.29
CVE-2020-11989 CRITICAL
Apache Shiro < 1.5.3 - Authentication Bypass via Spring Dynamic Controllers
Jun 22, 2020
CVSS 9.8
EPSS 0.24