apache
2,905 tracked vulnerabilities.
CVE-2016-9774
HIGH
Debian Linux - Symlink Following
Mar 23, 2017
CVSS 7.8
EPSS 0.00
CVE-2016-6816
HIGH
Apache Tomcat 6.0.0-6.0.47, 7.0.0-7.0.72, 8.0.0.RC1-8.0.38, 8.5.0-8.5.6, 9.0.0.M1-9.0.0.M11 - HTTP Response Injection
Mar 20, 2017
CVSS 7.1
EPSS 0.03
CVE-2016-8747
HIGH
Apache Tomcat <9.0.0.M16 - Info Disclosure
Mar 14, 2017
CVSS 7.5
EPSS 0.03
CVE-2016-1566
MEDIUM
Guacamole 0.9.8-0.9.9 - Authenticated Stored Cross-Site Scripting via File Browser Filename
Feb 02, 2017
CVSS 5.4
EPSS 0.00
CVE-2016-6497
HIGH
Apache Groovy LDAP - LDAP Entry Poisoning via returnObjFlag Setting
Jan 18, 2017
CVSS 7.5
EPSS 0.03
CVE-2016-8740
HIGH
Apache HTTP Server 2.4.17-2.4.23 - DoS
Dec 05, 2016
CVSS 7.5
EPSS 0.68
CVE-2016-5393
HIGH
Apache Hadoop 2.6.x < 2.6.5, 2.7.x < 2.7.3 - Authenticated Remote Code Execution
Nov 29, 2016
CVSS 8.8
EPSS 0.03
CVE-2016-1000031
CRITICAL
Apache Commons FileUpload <1.3.3 - RCE
Oct 25, 2016
CVSS 9.8
EPSS 0.56
CVE-2016-6325
HIGH
Tomcat - Privilege Escalation via Weak File Permissions
Oct 13, 2016
CVSS 7.8
EPSS 0.00
CVE-2016-5425
HIGH
Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation
Oct 13, 2016
CVSS 7.8
EPSS 0.12
CVE-2016-5019
CRITICAL
Apache MyFaces Trinidad Deserialization of Untrusted Data via Serialized View State
Oct 03, 2016
CVSS 9.8
EPSS 0.06
CVE-2016-4436
CRITICAL
Apache Struts 2 <2.3.29, <2.5.1 - Info Disclosure
Oct 03, 2016
CVSS 9.8
EPSS 0.06
CVE-2016-1240
HIGH
Apache Tomcat on Ubuntu Log Init Privilege Escalation
Oct 03, 2016
CVSS 7.8
EPSS 0.22
CVE-2016-4978
HIGH
Apache ActiveMQ Artemis < 1.4.0 - Authenticated Remote Code Execution via JMS ObjectMessage Deserialization
Sep 27, 2016
CVSS 7.2
EPSS 0.01
CVE-2016-5395
MEDIUM
Apache Ranger < 0.6.1 - Authenticated Stored Cross-Site Scripting in Policy Admin Tool
Sep 26, 2016
CVSS 4.8
EPSS 0.00
CVE-2016-4464
CRITICAL
Apache CXF Fediz 1.2.0-1.2.2 and 1.3.0 - Improper Access Control via SAML AudienceRestriction Bypass
Sep 21, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-6801
HIGH
Apache Jackrabbit < 2.4.6 - CSRF
Sep 21, 2016
CVSS 8.8
EPSS 0.00
CVE-2016-5017
HIGH
Apache ZooKeeper < 3.4.9 and 3.5.x < 3.5.3 - Buffer Overflow via C CLI Shell Batch Mode
Sep 21, 2016
CVSS 8.1
EPSS 0.06
CVE-2016-6802
HIGH
Apache Shiro < 1.3.2 - Filter Bypass via Non-Root Servlet Context Path
Sep 20, 2016
CVSS 7.5
EPSS 0.14
CVE-2016-3089
MEDIUM
Apache OpenMeetings < 3.1.2 - Cross-Site Scripting via SWF Panel Parameter
Aug 19, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-0760
HIGH
Apache Sentry - Authenticated Remote Code Execution via Hive Builtin Function Blacklist Bypass
Aug 19, 2016
CVSS 8.8
EPSS 0.01
CVE-2016-0782
MEDIUM
Apache ActiveMQ <5.11.4-5.12.3-5.13.2 - XSS
Aug 05, 2016
CVSS 5.4
EPSS 0.01
CVE-2016-5000
MEDIUM
Apache POI < 3.14 - XML External Entity Injection via XLSX2CSV Example
Aug 05, 2016
CVSS 5.5
EPSS 0.00
CVE-2016-1513
HIGH
Apache OpenOffice < 4.1.2 - Out-of-bounds Read or Write via Crafted MetaActions in ODP/OTP Files
Aug 05, 2016
CVSS 7.8
EPSS 0.01
CVE-2016-1238
HIGH
Perl 5.x < 5.22.3-RC2 and 5.24 < 5.24.1-RC2 - Privilege Escalation via Trojan Horse Module in Current Working Directory
Aug 02, 2016
CVSS 7.8
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20