apache
2,905 tracked vulnerabilities.
CVE-2016-0731
MEDIUM
Apache Ambari <2.2.1 - Info Disclosure
May 18, 2016
CVSS 4.9
EPSS 0.00
CVE-2016-0707
LOW
Apache Ambari <2.1.2 - Info Disclosure
May 18, 2016
CVSS 3.3
EPSS 0.00
CVE-2016-2099
CRITICAL
Apache Xerces C++ < 3.1.3 - Use-After-Free in DTDScanner
May 13, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-2168
MEDIUM
Apache Subversion < 1.8.16 and 1.9.x < 1.9.4 - Authenticated Denial of Service via Crafted MOVE or COPY Request
May 05, 2016
CVSS 6.5
EPSS 0.07
CVE-2016-2167
MEDIUM
Apache Subversion < 1.8.16 and 1.9.x < 1.9.4 - Unauthenticated Authentication Bypass via Realm String Prefix
May 05, 2016
CVSS 6.8
EPSS 0.01
CVE-2016-3082
CRITICAL
Apache Struts 2.x Remote Code Execution via XSLTResult Stylesheet Location
Apr 26, 2016
CVSS 9.8
EPSS 0.25
CVE-2016-3081
HIGH
NUCLEI
Apache Struts 2.3.19-2.3.20.2, 2.3.21-2.3.24.1, 2.3.25-2.3.28 - Remote Code Execution via Dynamic Method Invocation
Apr 26, 2016
CVSS 8.1
EPSS 0.94
CVE-2016-3427
CRITICAL
KEV
Oracle JDK and JRE - Remote Code Execution via JMX
Apr 21, 2016
CVSS 9.8
EPSS 0.93
CVE-2016-4003
MEDIUM
Apache Struts 2.0.0-2.3.27 - Cross-Site Scripting via URLDecoder Multi-Byte Character Handling
Apr 12, 2016
CVSS 6.1
EPSS 0.03
CVE-2016-2162
MEDIUM
Apache Struts 2.x < 2.3.25 - Cross-Site Scripting via I18NInterceptor Locale Handling
Apr 12, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-0785
HIGH
Apache Struts 2.0.0-2.3.20.3 - Remote Code Execution via Forced Double OGNL Evaluation
Apr 12, 2016
CVSS 8.8
EPSS 0.18
CVE-2016-2170
CRITICAL
Apache OFBiz 12.04-12.04.05 and 13.07-13.07.02 - Remote Code Execution via Deserialization
Apr 12, 2016
CVSS 9.8
EPSS 0.14
CVE-2016-2166
MEDIUM
Apache Qpid Proton < 0.12.1 - Unencrypted Connection for AMQPS URI Scheme
Apr 12, 2016
CVSS 6.5
EPSS 0.00
CVE-2016-0733
CRITICAL
Apache Ranger < 0.5.1 - Unauthenticated Authentication Bypass via Missing Password
Apr 12, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-0735
HIGH
Apache Ranger 0.5.0-0.5.1 - Authenticated Access Control Bypass via Exclude Policy Mishandling
Apr 11, 2016
CVSS 8.8
EPSS 0.00
CVE-2016-2171
HIGH
Apache Jetspeed < 2.3.0 - Unauthenticated User Management via REST API
Apr 11, 2016
CVSS 7.5
EPSS 0.17
CVE-2016-2164
HIGH
Apache OpenMeetings < 3.1.1 - Arbitrary File Read via FileService SOAP API
Apr 11, 2016
CVSS 7.5
EPSS 0.01
CVE-2016-2163
MEDIUM
Apache OpenMeetings < 3.1.1 - Cross-Site Scripting via Event Description
Apr 11, 2016
CVSS 6.1
EPSS 0.03
CVE-2016-0784
MEDIUM
Apache OpenMeetings <3.1.1 - Path Traversal
Apr 11, 2016
CVSS 6.5
EPSS 0.06
CVE-2016-0783
HIGH
Apache OpenMeetings <3.1.1 - Info Disclosure
Apr 11, 2016
CVSS 7.5
EPSS 0.01
CVE-2016-0712
MEDIUM
Apache Jetspeed < 2.3.1 - Cross-Site Scripting via PATH_INFO
Apr 11, 2016
CVSS 6.1
EPSS 0.03
CVE-2016-0711
MEDIUM
Apache Jetspeed < 2.3.1 - Cross-Site Scripting via Title Parameter
Apr 11, 2016
CVSS 6.1
EPSS 0.03
CVE-2016-0710
HIGH
Apache Jetspeed Arbitrary File Upload
Apr 11, 2016
CVSS 8.8
EPSS 0.79
CVE-2016-0709
HIGH
Apache Jetspeed <2.3.1 - Path Traversal
Apr 11, 2016
CVSS 7.2
EPSS 0.71
CVE-2016-0734
MEDIUM
Apache ActiveMQ 5.x < 5.13.2 - Clickjacking via Missing X-Frame-Options Header
Apr 07, 2016
CVSS 6.1
EPSS 0.03
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20