apache
2,905 tracked vulnerabilities.
CVE-2016-4461
HIGH
Apache Struts 2.0.0-2.3.28 - Remote Code Execution via Forced Double OGNL Evaluation
Oct 16, 2017
CVSS 8.8
EPSS 0.02
CVE-2016-8734
MEDIUM
Apache Subversion <1.8.16, <1.9.4 - DoS
Oct 16, 2017
CVSS 6.5
EPSS 0.13
CVE-2016-6815
MEDIUM
Apache Ranger < 0.6.2 - Unauthorized Password Change for Admin Users
Oct 13, 2017
CVSS 6.5
EPSS 0.00
CVE-2016-8736
CRITICAL
Apache OpenMeetings < 3.1.2 - Remote Code Execution via RMI Deserialization
Oct 12, 2017
CVSS 9.8
EPSS 0.06
CVE-2016-6806
HIGH
Apache Wicket 6.x < 6.25.0, 7.x < 7.5.0, 8.0.0-M1 - Cross-Site Request Forgery
Oct 03, 2017
CVSS 8.8
EPSS 0.00
CVE-2016-4434
HIGH
Apache Tika < 1.13 - XML External Entity Injection via OOXML Spreadsheets and XMP Metadata
Sep 30, 2017
CVSS 7.8
EPSS 0.00
CVE-2016-8738
MEDIUM
Apache Struts 2.5-2.5.5 - Denial of Service via URLValidator
Sep 20, 2017
CVSS 5.9
EPSS 0.01
CVE-2016-6795
CRITICAL
Apache Struts 2.3.x < 2.3.31 and 2.5.x < 2.5.5 - Remote Code Execution via Path Traversal
Sep 20, 2017
CVSS 9.8
EPSS 0.05
CVE-2016-8744
HIGH
Apache Brooklyn <0.10.0 - Code Injection
Sep 13, 2017
CVSS 8.8
EPSS 0.00
CVE-2016-8737
HIGH
Apache Brooklyn < 0.10.0 - Cross-Site Request Forgery
Sep 13, 2017
CVSS 8.8
EPSS 0.00
CVE-2016-3086
CRITICAL
Apache Hadoop 2.6.0-2.6.4 and 2.7.0-2.7.2 - Unauthorized Sensitive Information Exposure via YARN NodeManager
Sep 05, 2017
CVSS 9.8
EPSS 0.01
CVE-2016-5001
MEDIUM
Apache Hadoop < 2.6.4 and 2.7.0-2.7.1 - Unauthorized File Read via Short-Circuit Reads Token Guessing
Aug 30, 2017
CVSS 5.5
EPSS 0.00
CVE-2016-6800
MEDIUM
Apache OFBiz - Stored Cross-Site Scripting in Blog Article Summary and Content Fields
Aug 30, 2017
CVSS 6.1
EPSS 0.01
CVE-2016-4462
HIGH
Apache OFBiz - Authenticated Remote Code Execution via ExternalLoginKey Freemarker Injection
Aug 30, 2017
CVSS 8.8
EPSS 0.01
CVE-2016-8752
HIGH
Apache Atlas <0.8 - Info Disclosure
Aug 29, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-4460
CRITICAL
Apache Pony Mail 0.6c-0.8b - Unauthenticated Authentication Bypass
Aug 22, 2017
CVSS 9.8
EPSS 0.01
CVE-2016-6796
HIGH
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Auth ...
Aug 11, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-8745
HIGH
Apache Tomcat <9.0.0.M14, 8.5.9, 8.0.40, 7.0.74, 6.0.49 - Info Disc...
Aug 10, 2017
CVSS 7.5
EPSS 0.11
CVE-2016-6817
HIGH
Apache Tomcat 8.5.0-8.5.6 and 9.0.0.M1-9.0.0.M11 - Denial of Service via HTTP/2 Header Parser
Aug 10, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-6797
HIGH
Apache Tomcat 6.0.0-6.0.45, 7.0.0-7.0.70, 8.0.0.RC1-8.0.36, 8.5.0-8.5.4, 9.0.0.M1-9.0.0.M9 - Incorrect Authorization
Aug 10, 2017
CVSS 7.5
EPSS 0.00
CVE-2016-8739
HIGH
Apache CXF <3.0.12, <3.1.9 - Info Disclosure
Aug 10, 2017
CVSS 7.5
EPSS 0.03
CVE-2016-6812
MEDIUM
Apache CXF < 3.0.12 and 3.1.x < 3.1.9 - Cross-Site Scripting via Matrix Parameters in HTTP Transport Module
Aug 10, 2017
CVSS 6.1
EPSS 0.09
CVE-2016-6794
MEDIUM
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Info ...
Aug 10, 2017
CVSS 5.3
EPSS 0.00
CVE-2016-5018
CRITICAL
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Auth ...
Aug 10, 2017
CVSS 9.1
EPSS 0.01
CVE-2016-0762
MEDIUM
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Info ...
Aug 10, 2017
CVSS 5.9
EPSS 0.01
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20