apache

3,096 tracked vulnerabilities.

CVE-2020-1954 MEDIUM
Apache CXF < 3.2.13 - Man-in-the-Middle Attack via JMX InstrumentationManager
Apr 01, 2020
CVSS 5.3
EPSS 0.06
CVE-2020-1934 MEDIUM
Apache HTTP Server 2.4.0-2.4.41 - Use of Uninitialized Resource in mod_proxy_ftp
Apr 01, 2020
CVSS 5.3
EPSS 0.52
CVE-2020-1949 MEDIUM
Sling CMS < 0.16.0 - Reflected Cross-Site Scripting via Sling Selector
Apr 01, 2020
CVSS 6.1
EPSS 0.02
CVE-2020-1943 MEDIUM NUCLEI
Apache OFBiz 16.11.01-16.11.07 - Cross-Site Scripting via Unsanitized contentId Parameter
Apr 01, 2020
CVSS 6.1
EPSS 0.97
CVE-2020-1957 CRITICAL
Apache Shiro < 1.5.2 - Authentication Bypass via Spring Dynamic Controllers
Mar 25, 2020
CVSS 9.8
EPSS 0.24
CVE-2020-1944 CRITICAL
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.8, 8.0.0-8.0.5 - HTTP Request Smuggling
Mar 23, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-1951 MEDIUM
Apache Tika 1.0-1.23 - Denial of Service via Crafted PSD File
Mar 23, 2020
CVSS 5.5
EPSS 0.03
CVE-2020-1950 MEDIUM
Apache Tika 1.0-1.23 - Uncontrolled Resource Consumption in PSDParser
Mar 23, 2020
CVSS 5.5
EPSS 0.03
CVE-2020-1953 CRITICAL
Apache Commons Configuration <2.7 - Code Injection
Mar 13, 2020
CVSS 10.0
EPSS 0.07
CVE-2020-1947 CRITICAL
Apache ShardingSphere 4.0.0-RC3-4.0.0 - Remote Code Execution via SnakeYAML Deserialization
Mar 11, 2020
CVSS 9.8
EPSS 0.34
CVE-2020-1938 CRITICAL KEVNUCLEI
Apache Tomcat 7.0.0-7.0.99, 8.5.0-8.5.50, 9.0.0.M1-9.0.0.30 - Remote Code Execution via AJP File Read and JSP Processing
Feb 24, 2020
CVSS 9.8
EPSS 0.99
CVE-2020-1935 MEDIUM
Apache Tomcat 7.0.0-7.0.99, 8.5.0-8.5.50, 9.0.0.M1-9.0.30 - HTTP Request Smuggling via Invalid Transfer-Encoding Header
Feb 24, 2020
CVSS 4.8
EPSS 0.09
CVE-2020-1937 HIGH
Apache Kylin 2.3.0-2.3.1 and 2.6.0-2.6.4 - SQL Injection via RESTful API Input
Feb 24, 2020
CVSS 8.8
EPSS 0.03
CVE-2020-1942 HIGH
Apache NiFi 0.0.1-1.11.0 - Sensitive Information Disclosure in Flow Fingerprint Logs
Feb 11, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-5529 HIGH
HtmlUnit < 2.37.0 - Remote Code Execution via Improper Rhino Engine Initialization
Feb 11, 2020
CVSS 8.1
EPSS 0.05
CVE-2020-1931 HIGH
Apache SpamAssassin < 3.4.3 - OS Command Injection via Configuration Files
Jan 30, 2020
CVSS 8.1
EPSS 0.06
CVE-2020-1930 HIGH
Apache SpamAssassin < 3.4.3 - OS Command Injection via Rule Configuration Files
Jan 30, 2020
CVSS 8.1
EPSS 0.07
CVE-2020-1940 HIGH
Apache Jackrabbit Oak 1.2.0-1.22.0 - Sensitive Information Disclosure via Password Change Feature
Jan 28, 2020
CVSS 7.5
EPSS 0.05
CVE-2020-1933 MEDIUM
Apache NiFi 1.0.0-1.10.0 - Cross-Site Scripting via Firefox UI Injection
Jan 28, 2020
CVSS 6.1
EPSS 0.03
CVE-2020-1932 MEDIUM
Apache Superset 0.34.0-0.35.1 - Authenticated Information Disclosure via Undocumented API Endpoint
Jan 28, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-1928 MEDIUM
Apache NiFi 1.10.0 - Sensitive Information Disclosure in Parameter Parser
Jan 28, 2020
CVSS 5.3
EPSS 0.04
CVE-2020-1929 HIGH
Apache Beam 2.10.0-2.16.0 - Improper Certificate Validation in MongoDB Connector
Jan 15, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-1925 HIGH
Apache Olingo 4.0.0-4.7.0 - Server-Side Request Forgery via Location Header
Jan 09, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-5499 CRITICAL
Baidu Rust SGX SDK <1.0.8 - Use After Free
Jan 04, 2020
CVSS 9.8
EPSS 0.03
CVE-2019-10095 CRITICAL
Apache Zeppelin <0.9.0 - Command Injection
Sep 02, 2021
CVSS 9.8
EPSS 0.06