apache

3,096 tracked vulnerabilities.

CVE-2016-3083 HIGH
Apache Hive < 1.2.2 and 2.0.x < 2.0.1 - Improper Certificate Validation
May 30, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-8741 HIGH
Apache Qpid Broker for Java <6.0.6, <6.1.1 - Info Disclosure
May 15, 2017
CVSS 7.5
EPSS 0.06
CVE-2016-6799 HIGH
Apache Cordova Android < 5.2.2 - Sensitive Information Exposure via Log File Insertion
May 09, 2017
CVSS 7.5
EPSS 0.03
CVE-2016-4467 MEDIUM
Apache Qpid Proton - Improper Certificate Validation
May 02, 2017
CVSS 5.9
EPSS 0.02
CVE-2016-5396 HIGH
Apache Traffic Server 6.0.0-6.2.0 - Denial of Service via HPACK Bomb Attack
Apr 17, 2017
CVSS 7.5
EPSS 0.03
CVE-2016-4970 HIGH
Netty 4.0.20-4.0.36 - Denial of Service via Infinite Loop in OpenSslEngine
Apr 13, 2017
CVSS 7.5
EPSS 0.11
CVE-2016-6808 CRITICAL
Apache Tomcat JK Connector < 1.2.42 - Buffer Overflow
Apr 12, 2017
CVSS 9.8
EPSS 0.19
CVE-2016-0779 CRITICAL
Apache TomEE <1.7.4, <7.0.0-M3 - RCE
Apr 11, 2017
CVSS 9.8
EPSS 0.10
CVE-2016-6811 HIGH
Apache Hadoop 2.2.0-2.7.3 - Privilege Escalation to Root via YARN User
Apr 11, 2017
CVSS 8.8
EPSS 0.03
CVE-2016-6805 MEDIUM
Apache Ignite < 1.9 - XML External Entity Injection via Update-Notifier Documents
Apr 07, 2017
CVSS 5.9
EPSS 0.02
CVE-2016-8735 CRITICAL KEVNUCLEI
Apache Tomcat , 7.x , 8.x , 8.5.x , 9.x <6.0.48 <7.0.73 <8.0.39 <8.5.7 - Remote Code Execution
Apr 06, 2017
CVSS 9.8
EPSS 0.90
CVE-2016-6809 CRITICAL
Apache Tika < 1.14 - Remote Code Execution via MATLAB File Deserialization
Apr 06, 2017
CVSS 9.8
EPSS 0.08
CVE-2016-4976 MEDIUM
Apache Ambari 2.0.0-2.3.9 - Exposure of Sensitive Information via KDC Administrator Password
Mar 29, 2017
CVSS 5.5
EPSS 0.01
CVE-2016-6807 CRITICAL
Apache Ambari 2.4.0-2.4.1 - Unauthenticated Remote Code Execution via Custom Commands
Mar 28, 2017
CVSS 9.8
EPSS 0.02
CVE-2016-8749 CRITICAL
Apache Camel 2.16.0-2.16.4 2.17.0-2.17.4 2.18.0-2.18.1 - Remote Code Execution via Jackson Unmarshalling
Mar 28, 2017
CVSS 9.8
EPSS 0.11
CVE-2016-9775 HIGH
Debian Linux - Access Control
Mar 23, 2017
CVSS 7.8
EPSS 0.01
CVE-2016-9774 HIGH
Debian Linux - Symlink Following
Mar 23, 2017
CVSS 7.8
EPSS 0.01
CVE-2016-6816 HIGH
Apache Tomcat 6.0.0-6.0.47, 7.0.0-7.0.72, 8.0.0.RC1-8.0.38, 8.5.0-8.5.6, 9.0.0.M1-9.0.0.M11 - HTTP Response Injection
Mar 20, 2017
CVSS 7.1
EPSS 0.40
CVE-2016-8747 HIGH
Apache Tomcat <9.0.0.M16 - Info Disclosure
Mar 14, 2017
CVSS 7.5
EPSS 0.07
CVE-2016-1566 MEDIUM
Guacamole 0.9.8-0.9.9 - Authenticated Stored Cross-Site Scripting via File Browser Filename
Feb 02, 2017
CVSS 5.4
EPSS 0.02
CVE-2016-6497 HIGH
Apache Groovy LDAP - LDAP Entry Poisoning via returnObjFlag Setting
Jan 18, 2017
CVSS 7.5
EPSS 0.06
CVE-2016-8740 HIGH
Apache HTTP Server 2.4.17-2.4.23 - DoS
Dec 05, 2016
CVSS 7.5
EPSS 0.79
CVE-2016-5393 HIGH
Apache Hadoop 2.6.x < 2.6.5, 2.7.x < 2.7.3 - Authenticated Remote Code Execution
Nov 29, 2016
CVSS 8.8
EPSS 0.03
CVE-2016-1000031 CRITICAL
Apache Commons FileUpload <1.3.3 - RCE
Oct 25, 2016
CVSS 9.8
EPSS 0.35
CVE-2016-6325 HIGH
Tomcat - Privilege Escalation via Weak File Permissions
Oct 13, 2016
CVSS 7.8
EPSS 0.01