apache
3,096 tracked vulnerabilities.
CVE-2019-12406
MEDIUM
Apache CXF < 3.2.11 - Denial of Service via Unrestricted Message Attachments
Nov 06, 2019
CVSS 6.5
EPSS 0.06
CVE-2019-10084
HIGH
Apache Impala 2.7.0-3.2.0 - Auth Bypass
Nov 05, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-12417
MEDIUM
Apache Airflow < 1.10.5 - Authenticated Stored Cross-Site Scripting and Local File Disclosure
Oct 30, 2019
CVSS 4.8
EPSS 0.01
CVE-2019-0210
HIGH
Apache Thrift 0.9.3-0.12.0 - Out-of-bounds Read via Invalid JSON Input
Oct 29, 2019
CVSS 7.5
EPSS 0.07
CVE-2019-0205
HIGH
Apache Thrift <= 0.12.0 - Denial of Service via Infinite Loop
Oct 29, 2019
CVSS 7.5
EPSS 0.09
CVE-2019-12415
MEDIUM
Apache POI < 4.1.0 - XML External Entity Injection via XSSFExportToXml
Oct 23, 2019
CVSS 5.5
EPSS 0.01
CVE-2019-10079
HIGH
Apache Traffic Server <7.1.7-8.0.4 - DoS
Oct 22, 2019
CVSS 7.5
EPSS 0.05
CVE-2019-17195
CRITICAL
Connect2id Nimbus JOSE+JWT < 7.9 - Denial of Service and Authentication Bypass via JWT Parsing
Oct 15, 2019
CVSS 9.8
EPSS 0.11
CVE-2019-17359
HIGH
Bouncycastle Bc-java < 3.0.2.1 - Resource Allocation Without Limits
Oct 08, 2019
CVSS 7.5
EPSS 0.09
CVE-2019-0231
HIGH
Apache MINA < 2.0.21 and 2.1.0 - Cleartext Transmission of Sensitive Information via SSL/TLS Connection Handling
Oct 01, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-10097
HIGH
Apache HTTP Server 2.4.32-2.4.39 - Buffer Overflow
Sep 26, 2019
CVSS 7.2
EPSS 0.53
CVE-2019-10092
MEDIUM
NUCLEI
Apache HTTP Server 2.4.0-2.4.39 - Cross-Site Scripting in mod_proxy Error Page
Sep 26, 2019
CVSS 6.1
EPSS 0.81
CVE-2019-10082
CRITICAL
Apache HTTP Server <2.4.40 - Use After Free
Sep 26, 2019
CVSS 9.1
EPSS 0.17
CVE-2019-0203
HIGH
Apache Subversion <= 1.9.10, 1.10.4, 1.12.0 - Denial of Service via Protocol Command Sequence
Sep 26, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-10098
MEDIUM
NUCLEI
Apache HTTP Server 2.4.0-2.4.39 - Open Redirect via Encoded Newlines in mod_rewrite
Sep 25, 2019
CVSS 6.1
EPSS 0.74
CVE-2019-12407
MEDIUM
Apache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via Remember Parameter
Sep 23, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-10090
MEDIUM
Apache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via Plugin Link Invocation
Sep 23, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-12404
MEDIUM
Apache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via Plugin Link Invocation
Sep 23, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-10089
MEDIUM
Apache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via WYSIWYG Editor Plugin Link
Sep 23, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-10087
MEDIUM
Apache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via Plugin Link Invocation
Sep 23, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-10071
CRITICAL
Apache Tapestry - Timing Side Channel in HMAC Verification
Sep 16, 2019
CVSS 9.8
EPSS 0.09
CVE-2019-0207
HIGH
Apache Tapestry 5.4.0-5.4.4 and tapestry-core 5.4.0-5.4.5 - Path Traversal via Backslash Character
Sep 16, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-0195
CRITICAL
Apache Tapestry 5.4.0-5.4.2 and 5.4.0-5.4.4 - Remote Code Execution via Classpath Asset File URL Manipulation
Sep 16, 2019
CVSS 9.8
EPSS 0.15
CVE-2019-10074
CRITICAL
Apache OFBiz 16.11.01-16.11.04 - Remote Code Execution via Freemarker Markup in Form Widget Textarea
Sep 11, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-10073
MEDIUM
Apache OFBiz 16.11.01-16.11.05 - Stored Cross-Site Scripting in ecommerce Template Screens
Sep 11, 2019
CVSS 6.1
EPSS 0.05
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters