apache

3,096 tracked vulnerabilities.

CVE-2019-12399 HIGH
Apache Kafka <2.3.0 - Info Disclosure
Jan 14, 2020
CVSS 7.5
EPSS 0.04
CVE-2019-0219 CRITICAL
Cordova InAppBrowser < 3.0.0 - Arbitrary JavaScript Execution via gap-iab URI
Jan 14, 2020
CVSS 9.8
EPSS 0.08
CVE-2019-17558 HIGH KEVNUCLEI
Apache Solr 5.0.0-8.3.1 - Remote Code Execution via Velocity Template Injection
Dec 30, 2019
CVSS 7.5
EPSS 0.99
CVE-2019-19924 MEDIUM
SQLite 3.30.1 - Denial of Service via Incorrect Parser-Tree Rewriting
Dec 24, 2019
CVSS 5.3
EPSS 0.08
CVE-2019-12418 HIGH
Apache Tomcat <9.0.29, 8.5.48, 7.0.98 - RCE
Dec 23, 2019
CVSS 7.0
EPSS 0.01
CVE-2019-17563 HIGH
Apache Tomcat <9.0.29, 8.5.49, 7.0.98 - Session Fixation
Dec 23, 2019
CVSS 7.5
EPSS 0.11
CVE-2019-17571 CRITICAL
Apache Log4j <= 1.2.17 - Deserialization of Untrusted Data via SocketServer
Dec 20, 2019
CVSS 9.8
EPSS 0.69
CVE-2019-19906 HIGH
cyrus-sasl < 2.1.28 - Unauthenticated Denial of Service via Malformed LDAP Packet
Dec 19, 2019
CVSS 7.5
EPSS 0.08
CVE-2019-12414 MEDIUM
Apache Superset < 0.32 - Unauthorized Database Name Exposure in SQLLab Dropdown
Dec 16, 2019
CVSS 5.3
EPSS 0.03
CVE-2019-12413 MEDIUM
Apache Incubator Superset <0.31 - Info Disclosure
Dec 16, 2019
CVSS 5.3
EPSS 0.03
CVE-2019-12420 HIGH
Apache SpamAssassin < 3.4.3 - Uncontrolled Resource Consumption
Dec 12, 2019
CVSS 7.5
EPSS 0.07
CVE-2019-19603 HIGH
SQLite 3.30.1 - Denial of Service via SELECT with Nonexistent VIEW
Dec 09, 2019
CVSS 7.5
EPSS 0.08
CVE-2019-17555 HIGH
Apache Olingo 4.0.0-4.6.0 - Denial of Service via Retry-After Header
Dec 04, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-17556 CRITICAL
Apache Olingo 4.0.0-4.6.0 - Deserialization of Untrusted Data in AbstractService
Dec 04, 2019
CVSS 9.8
EPSS 0.04
CVE-2019-17554 MEDIUM
Apache Olingo 4.0.0-4.6.0 - XML External Entity Injection via XML Content Type Deserialization
Dec 04, 2019
CVSS 5.5
EPSS 0.12
CVE-2019-12421 HIGH
Apache NiFi 1.0.0-1.9.2 - Insufficient Session Expiration via Logout
Nov 19, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10083 MEDIUM
Apache NiFi 1.3.0-1.9.2 - Unauthorized Sensitive Information Exposure via Process Group API
Nov 19, 2019
CVSS 5.3
EPSS 0.03
CVE-2019-10080 MEDIUM
Apache NiFi 1.3.0-1.9.2 - XML External Entity Injection in XMLFileLookupService
Nov 19, 2019
CVSS 6.5
EPSS 0.02
CVE-2019-12422 HIGH
Apache Shiro <1.4.2 - Info Disclosure
Nov 18, 2019
CVSS 7.5
EPSS 0.09
CVE-2019-12409 CRITICAL
Apache Solr 8.1.1-8.2.0 - Unauthenticated Remote Code Execution via Insecure JMX Configuration
Nov 18, 2019
CVSS 9.8
EPSS 0.22
CVE-2019-10070 MEDIUM
Apache Atlas 0.8.3 and 1.1.0 - Stored Cross-Site Scripting in Search Functionality
Nov 18, 2019
CVSS 6.1
EPSS 0.02
CVE-2019-10172 HIGH
org.codehaus.jackson:jackson-mapper-asl:1.9.x - XXE
Nov 18, 2019
CVSS 7.5
EPSS 0.17
CVE-2019-12410 HIGH
Apache Arrow <0.14.1 - Memory Corruption
Nov 08, 2019
CVSS 7.5
EPSS 0.05
CVE-2019-12408 HIGH
Apache Arrow <0.14.1 - Memory Corruption
Nov 08, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-12419 CRITICAL
Oracle Retail Order Broker - Incorrect Authorization in OpenId Connect Access Token Service
Nov 06, 2019
CVSS 9.8
EPSS 0.14