apache

2,905 tracked vulnerabilities.

CVE-2015-5208 MEDIUM
Apache Cordova iOS < 3.9.1 - Arbitrary Plugin Execution via Link
May 09, 2016
CVSS 4.4
EPSS 0.02
CVE-2015-5207 MEDIUM
Apache Cordova iOS <4.0.0 - Auth Bypass
May 09, 2016
CVSS 5.3
EPSS 0.00
CVE-2015-1776 MEDIUM
Apache Hadoop 2.6.0-2.6.4 - Exposure of Sensitive Information via Credentials File
Apr 19, 2016
CVSS 6.2
EPSS 0.00
CVE-2015-5348 HIGH
Apache Camel 2.6.x-2.14.x 2.15.x<2.15.5 2.16.x<2.16.1 - Remote Code Execution via Java Object Deserialization
Apr 15, 2016
CVSS 8.1
EPSS 0.07
CVE-2015-5343 HIGH
Apache Subversion <1.8.15-1.9.3 - DoS
Apr 14, 2016
CVSS 7.6
EPSS 0.24
CVE-2015-7520 MEDIUM
Apache Wicket <1.5.15, <6.22.0, <7.2.0 - XSS
Apr 12, 2016
CVSS 6.1
EPSS 0.01
CVE-2015-5347 MEDIUM
Apache Wicket 1.5.0-1.5.14 - Cross-Site Scripting in ModalWindow Title
Apr 12, 2016
CVSS 6.1
EPSS 0.02
CVE-2015-5167 MEDIUM
Apache Ranger < 0.5.1 - Authenticated Access Control Bypass via REST API
Apr 12, 2016
CVSS 6.5
EPSS 0.00
CVE-2015-3268 MEDIUM
Apache OFBiz < 12.04.06 and 13.07.x < 13.07.03 - Cross-Site Scripting via DisplayEntityField Description Attribute
Apr 12, 2016
CVSS 6.1
EPSS 0.05
CVE-2015-5349 HIGH
Apache LDAP Studio/Apache Directory Studio <2.0.0-M10 - Command Inj...
Apr 11, 2016
CVSS 7.8
EPSS 0.01
CVE-2015-0266 HIGH
Apache Ranger < 0.5.0 - Authenticated Access Control Bypass via Direct Module URL Access
Apr 11, 2016
CVSS 7.1
EPSS 0.00
CVE-2015-0265 MEDIUM
Apache Ranger < 0.5.0 - Cross-Site Scripting via HTTP User-Agent Header
Apr 11, 2016
CVSS 6.1
EPSS 0.02
CVE-2015-5351 HIGH
Apache Tomcat <7.0.68, <8.0.31, <9.0.0.M2 - CSRF
Feb 25, 2016
CVSS 8.8
EPSS 0.06
CVE-2015-5346 HIGH
Apache Tomcat <7.0.66, 8.0.30, 9.0.0.M2 - Session Fixation
Feb 25, 2016
CVSS 8.1
EPSS 0.39
CVE-2015-5345 MEDIUM
Apache Tomcat <6.0.45-9.0.0.M2 - Info Disclosure
Feb 25, 2016
CVSS 5.3
EPSS 0.50
CVE-2015-5174 MEDIUM
Apache Tomcat 6.x < 6.0.45, 7.x < 7.0.65, 8.x < 8.0.27 - Directory Traversal via Slash Dot Dot
Feb 25, 2016
CVSS 4.3
EPSS 0.05
CVE-2015-8797 MEDIUM
Apache Solr < 5.3.1 - Cross-Site Scripting via Admin UI Stats Page Entry Parameter
Feb 15, 2016
CVSS 6.1
EPSS 0.02
CVE-2015-8796 MEDIUM
Apache Solr < 5.3 - Cross-Site Scripting via Schema Browser URL Parameter
Feb 15, 2016
CVSS 6.1
EPSS 0.03
CVE-2015-8795 MEDIUM
Apache Solr < 5.1.0 - Cross-Site Scripting in Admin UI Analysis and Schema-Browser Pages
Feb 15, 2016
CVSS 6.1
EPSS 0.03
CVE-2015-3252 CRITICAL
Apache CloudStack <4.5.2 - Info Disclosure
Feb 08, 2016
CVSS 9.8
EPSS 0.02
CVE-2015-3251 MEDIUM
Apache CloudStack <4.5.2 - Info Disclosure
Feb 08, 2016
CVSS 4.9
EPSS 0.00
CVE-2015-5344 CRITICAL
Apache Camel <2.15.5, <2.16.1 - Command Injection
Feb 03, 2016
CVSS 9.8
EPSS 0.05
CVE-2015-7521 HIGH
Apache Hive 1.0.0-1.2.1 - Authorization Bypass via Partition-Level Operations
Jan 29, 2016
CVSS 8.3
EPSS 0.00
CVE-2015-5259 HIGH
Apache Subversion - Remote Code Execution via Integer Overflow in read_string Function
Jan 08, 2016
CVSS 8.6
EPSS 0.34
CVE-2015-5254 CRITICAL
Apache ActiveMQ <5.13.0 - RCE
Jan 08, 2016
CVSS 9.8
EPSS 0.80
Products
http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 cxf 46 nifi 46 solr 46 cloudstack 45 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20
Quick Filters
Critical CVEs With Exploits In CISA KEV