apache

3,096 tracked vulnerabilities.

CVE-2019-12406 MEDIUM
Apache CXF < 3.2.11 - Denial of Service via Unrestricted Message Attachments
Nov 06, 2019
CVSS 6.5
EPSS 0.06
CVE-2019-10084 HIGH
Apache Impala 2.7.0-3.2.0 - Auth Bypass
Nov 05, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-12417 MEDIUM
Apache Airflow < 1.10.5 - Authenticated Stored Cross-Site Scripting and Local File Disclosure
Oct 30, 2019
CVSS 4.8
EPSS 0.01
CVE-2019-0210 HIGH
Apache Thrift 0.9.3-0.12.0 - Out-of-bounds Read via Invalid JSON Input
Oct 29, 2019
CVSS 7.5
EPSS 0.07
CVE-2019-0205 HIGH
Apache Thrift <= 0.12.0 - Denial of Service via Infinite Loop
Oct 29, 2019
CVSS 7.5
EPSS 0.09
CVE-2019-12415 MEDIUM
Apache POI < 4.1.0 - XML External Entity Injection via XSSFExportToXml
Oct 23, 2019
CVSS 5.5
EPSS 0.01
CVE-2019-10079 HIGH
Apache Traffic Server <7.1.7-8.0.4 - DoS
Oct 22, 2019
CVSS 7.5
EPSS 0.05
CVE-2019-17195 CRITICAL
Connect2id Nimbus JOSE+JWT < 7.9 - Denial of Service and Authentication Bypass via JWT Parsing
Oct 15, 2019
CVSS 9.8
EPSS 0.11
CVE-2019-17359 HIGH
Bouncycastle Bc-java < 3.0.2.1 - Resource Allocation Without Limits
Oct 08, 2019
CVSS 7.5
EPSS 0.09
CVE-2019-0231 HIGH
Apache MINA < 2.0.21 and 2.1.0 - Cleartext Transmission of Sensitive Information via SSL/TLS Connection Handling
Oct 01, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-10097 HIGH
Apache HTTP Server 2.4.32-2.4.39 - Buffer Overflow
Sep 26, 2019
CVSS 7.2
EPSS 0.53
CVE-2019-10092 MEDIUM NUCLEI
Apache HTTP Server 2.4.0-2.4.39 - Cross-Site Scripting in mod_proxy Error Page
Sep 26, 2019
CVSS 6.1
EPSS 0.81
CVE-2019-10082 CRITICAL
Apache HTTP Server <2.4.40 - Use After Free
Sep 26, 2019
CVSS 9.1
EPSS 0.17
CVE-2019-0203 HIGH
Apache Subversion <= 1.9.10, 1.10.4, 1.12.0 - Denial of Service via Protocol Command Sequence
Sep 26, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-10098 MEDIUM NUCLEI
Apache HTTP Server 2.4.0-2.4.39 - Open Redirect via Encoded Newlines in mod_rewrite
Sep 25, 2019
CVSS 6.1
EPSS 0.74
CVE-2019-12407 MEDIUM
Apache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via Remember Parameter
Sep 23, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-10090 MEDIUM
Apache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via Plugin Link Invocation
Sep 23, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-12404 MEDIUM
Apache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via Plugin Link Invocation
Sep 23, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-10089 MEDIUM
Apache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via WYSIWYG Editor Plugin Link
Sep 23, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-10087 MEDIUM
Apache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via Plugin Link Invocation
Sep 23, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-10071 CRITICAL
Apache Tapestry - Timing Side Channel in HMAC Verification
Sep 16, 2019
CVSS 9.8
EPSS 0.09
CVE-2019-0207 HIGH
Apache Tapestry 5.4.0-5.4.4 and tapestry-core 5.4.0-5.4.5 - Path Traversal via Backslash Character
Sep 16, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-0195 CRITICAL
Apache Tapestry 5.4.0-5.4.2 and 5.4.0-5.4.4 - Remote Code Execution via Classpath Asset File URL Manipulation
Sep 16, 2019
CVSS 9.8
EPSS 0.15
CVE-2019-10074 CRITICAL
Apache OFBiz 16.11.01-16.11.04 - Remote Code Execution via Freemarker Markup in Form Widget Textarea
Sep 11, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-10073 MEDIUM
Apache OFBiz 16.11.01-16.11.05 - Stored Cross-Site Scripting in ecommerce Template Screens
Sep 11, 2019
CVSS 6.1
EPSS 0.05