apache
3,096 tracked vulnerabilities.
CVE-2019-12399
HIGH
Apache Kafka <2.3.0 - Info Disclosure
Jan 14, 2020
CVSS 7.5
EPSS 0.04
CVE-2019-0219
CRITICAL
Cordova InAppBrowser < 3.0.0 - Arbitrary JavaScript Execution via gap-iab URI
Jan 14, 2020
CVSS 9.8
EPSS 0.08
CVE-2019-17558
HIGH
KEVNUCLEI
Apache Solr 5.0.0-8.3.1 - Remote Code Execution via Velocity Template Injection
Dec 30, 2019
CVSS 7.5
EPSS 0.99
CVE-2019-19924
MEDIUM
SQLite 3.30.1 - Denial of Service via Incorrect Parser-Tree Rewriting
Dec 24, 2019
CVSS 5.3
EPSS 0.08
CVE-2019-12418
HIGH
Apache Tomcat <9.0.29, 8.5.48, 7.0.98 - RCE
Dec 23, 2019
CVSS 7.0
EPSS 0.01
CVE-2019-17563
HIGH
Apache Tomcat <9.0.29, 8.5.49, 7.0.98 - Session Fixation
Dec 23, 2019
CVSS 7.5
EPSS 0.11
CVE-2019-17571
CRITICAL
Apache Log4j <= 1.2.17 - Deserialization of Untrusted Data via SocketServer
Dec 20, 2019
CVSS 9.8
EPSS 0.69
CVE-2019-19906
HIGH
cyrus-sasl < 2.1.28 - Unauthenticated Denial of Service via Malformed LDAP Packet
Dec 19, 2019
CVSS 7.5
EPSS 0.08
CVE-2019-12414
MEDIUM
Apache Superset < 0.32 - Unauthorized Database Name Exposure in SQLLab Dropdown
Dec 16, 2019
CVSS 5.3
EPSS 0.03
CVE-2019-12413
MEDIUM
Apache Incubator Superset <0.31 - Info Disclosure
Dec 16, 2019
CVSS 5.3
EPSS 0.03
CVE-2019-12420
HIGH
Apache SpamAssassin < 3.4.3 - Uncontrolled Resource Consumption
Dec 12, 2019
CVSS 7.5
EPSS 0.07
CVE-2019-19603
HIGH
SQLite 3.30.1 - Denial of Service via SELECT with Nonexistent VIEW
Dec 09, 2019
CVSS 7.5
EPSS 0.08
CVE-2019-17555
HIGH
Apache Olingo 4.0.0-4.6.0 - Denial of Service via Retry-After Header
Dec 04, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-17556
CRITICAL
Apache Olingo 4.0.0-4.6.0 - Deserialization of Untrusted Data in AbstractService
Dec 04, 2019
CVSS 9.8
EPSS 0.04
CVE-2019-17554
MEDIUM
Apache Olingo 4.0.0-4.6.0 - XML External Entity Injection via XML Content Type Deserialization
Dec 04, 2019
CVSS 5.5
EPSS 0.12
CVE-2019-12421
HIGH
Apache NiFi 1.0.0-1.9.2 - Insufficient Session Expiration via Logout
Nov 19, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10083
MEDIUM
Apache NiFi 1.3.0-1.9.2 - Unauthorized Sensitive Information Exposure via Process Group API
Nov 19, 2019
CVSS 5.3
EPSS 0.03
CVE-2019-10080
MEDIUM
Apache NiFi 1.3.0-1.9.2 - XML External Entity Injection in XMLFileLookupService
Nov 19, 2019
CVSS 6.5
EPSS 0.02
CVE-2019-12422
HIGH
Apache Shiro <1.4.2 - Info Disclosure
Nov 18, 2019
CVSS 7.5
EPSS 0.09
CVE-2019-12409
CRITICAL
Apache Solr 8.1.1-8.2.0 - Unauthenticated Remote Code Execution via Insecure JMX Configuration
Nov 18, 2019
CVSS 9.8
EPSS 0.22
CVE-2019-10070
MEDIUM
Apache Atlas 0.8.3 and 1.1.0 - Stored Cross-Site Scripting in Search Functionality
Nov 18, 2019
CVSS 6.1
EPSS 0.02
CVE-2019-10172
HIGH
org.codehaus.jackson:jackson-mapper-asl:1.9.x - XXE
Nov 18, 2019
CVSS 7.5
EPSS 0.17
CVE-2019-12410
HIGH
Apache Arrow <0.14.1 - Memory Corruption
Nov 08, 2019
CVSS 7.5
EPSS 0.05
CVE-2019-12408
HIGH
Apache Arrow <0.14.1 - Memory Corruption
Nov 08, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-12419
CRITICAL
Oracle Retail Order Broker - Incorrect Authorization in OpenId Connect Access Token Service
Nov 06, 2019
CVSS 9.8
EPSS 0.14
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters