apache
3,096 tracked vulnerabilities.
CVE-2016-8737
HIGH
Apache Brooklyn < 0.10.0 - Cross-Site Request Forgery
Sep 13, 2017
CVSS 8.8
EPSS 0.01
CVE-2016-3086
CRITICAL
Apache Hadoop 2.6.0-2.6.4 and 2.7.0-2.7.2 - Unauthorized Sensitive Information Exposure via YARN NodeManager
Sep 05, 2017
CVSS 9.8
EPSS 0.04
CVE-2016-5001
MEDIUM
Apache Hadoop < 2.6.4 and 2.7.0-2.7.1 - Unauthorized File Read via Short-Circuit Reads Token Guessing
Aug 30, 2017
CVSS 5.5
EPSS 0.01
CVE-2016-6800
MEDIUM
Apache OFBiz - Stored Cross-Site Scripting in Blog Article Summary and Content Fields
Aug 30, 2017
CVSS 6.1
EPSS 0.03
CVE-2016-4462
HIGH
Apache OFBiz - Authenticated Remote Code Execution via ExternalLoginKey Freemarker Injection
Aug 30, 2017
CVSS 8.8
EPSS 0.04
CVE-2016-8752
HIGH
Apache Atlas <0.8 - Info Disclosure
Aug 29, 2017
CVSS 7.5
EPSS 0.02
CVE-2016-4460
CRITICAL
Apache Pony Mail 0.6c-0.8b - Unauthenticated Authentication Bypass
Aug 22, 2017
CVSS 9.8
EPSS 0.06
CVE-2016-6796
HIGH
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Auth ...
Aug 11, 2017
CVSS 7.5
EPSS 0.08
CVE-2016-8745
HIGH
Apache Tomcat <9.0.0.M14, 8.5.9, 8.0.40, 7.0.74, 6.0.49 - Info Disc...
Aug 10, 2017
CVSS 7.5
EPSS 0.16
CVE-2016-6817
HIGH
Apache Tomcat 8.5.0-8.5.6 and 9.0.0.M1-9.0.0.M11 - Denial of Service via HTTP/2 Header Parser
Aug 10, 2017
CVSS 7.5
EPSS 0.07
CVE-2016-6797
HIGH
Apache Tomcat 6.0.0-6.0.45, 7.0.0-7.0.70, 8.0.0.RC1-8.0.36, 8.5.0-8.5.4, 9.0.0.M1-9.0.0.M9 - Incorrect Authorization
Aug 10, 2017
CVSS 7.5
EPSS 0.08
CVE-2016-8739
HIGH
Apache CXF <3.0.12, <3.1.9 - Info Disclosure
Aug 10, 2017
CVSS 7.5
EPSS 0.07
CVE-2016-6812
MEDIUM
Apache CXF < 3.0.12 and 3.1.x < 3.1.9 - Cross-Site Scripting via Matrix Parameters in HTTP Transport Module
Aug 10, 2017
CVSS 6.1
EPSS 0.09
CVE-2016-6794
MEDIUM
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Info ...
Aug 10, 2017
CVSS 5.3
EPSS 0.07
CVE-2016-5018
CRITICAL
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Auth ...
Aug 10, 2017
CVSS 9.1
EPSS 0.10
CVE-2016-0762
MEDIUM
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Info ...
Aug 10, 2017
CVSS 5.9
EPSS 0.08
CVE-2016-8743
HIGH
Apache HTTP Server <2.2.32 & 2.4.25 - Info Disclosure
Jul 27, 2017
CVSS 7.5
EPSS 0.13
CVE-2016-2161
HIGH
Apache HTTP Server 2.4.0-2.4.23 - Denial of Service via mod_auth_digest Input
Jul 27, 2017
CVSS 7.5
EPSS 0.21
CVE-2016-0736
HIGH
Apache HTTP Server <2.4.24 - Info Disclosure
Jul 27, 2017
CVSS 7.5
EPSS 0.49
CVE-2016-6798
CRITICAL
Apache Sling XSS Protection API < 1.0.12 - XML External Entity Injection via Insecure SAX Parser
Jul 19, 2017
CVSS 9.8
EPSS 0.04
CVE-2016-5394
MEDIUM
Apache Sling XSS Protection API < 1.0.12 - Cross-Site Scripting via encodeForJSString Method
Jul 19, 2017
CVSS 6.1
EPSS 0.03
CVE-2016-6793
CRITICAL
Apache Wicket 1.5.0-1.5.16 - Deserialization of Untrusted Data in DiskFileItem
Jul 17, 2017
CVSS 9.1
EPSS 0.08
CVE-2016-8751
MEDIUM
Apache Ranger < 0.6.3 - Stored Cross-Site Scripting in Custom Policy Conditions
Jun 14, 2017
CVSS 4.8
EPSS 0.02
CVE-2016-8746
MEDIUM
Apache Ranger <0.6.3 - Info Disclosure
Jun 14, 2017
CVSS 5.9
EPSS 0.03
CVE-2016-5004
MEDIUM
Apache ws-xmlrpc 3.1.3 - Denial of Service via Content-Encoding Header Decompression
Jun 06, 2017
CVSS 6.5
EPSS 0.06
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters