apache
3,096 tracked vulnerabilities.
CVE-2016-3083
HIGH
Apache Hive < 1.2.2 and 2.0.x < 2.0.1 - Improper Certificate Validation
May 30, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-8741
HIGH
Apache Qpid Broker for Java <6.0.6, <6.1.1 - Info Disclosure
May 15, 2017
CVSS 7.5
EPSS 0.06
CVE-2016-6799
HIGH
Apache Cordova Android < 5.2.2 - Sensitive Information Exposure via Log File Insertion
May 09, 2017
CVSS 7.5
EPSS 0.03
CVE-2016-4467
MEDIUM
Apache Qpid Proton - Improper Certificate Validation
May 02, 2017
CVSS 5.9
EPSS 0.02
CVE-2016-5396
HIGH
Apache Traffic Server 6.0.0-6.2.0 - Denial of Service via HPACK Bomb Attack
Apr 17, 2017
CVSS 7.5
EPSS 0.03
CVE-2016-4970
HIGH
Netty 4.0.20-4.0.36 - Denial of Service via Infinite Loop in OpenSslEngine
Apr 13, 2017
CVSS 7.5
EPSS 0.11
CVE-2016-6808
CRITICAL
Apache Tomcat JK Connector < 1.2.42 - Buffer Overflow
Apr 12, 2017
CVSS 9.8
EPSS 0.19
CVE-2016-0779
CRITICAL
Apache TomEE <1.7.4, <7.0.0-M3 - RCE
Apr 11, 2017
CVSS 9.8
EPSS 0.10
CVE-2016-6811
HIGH
Apache Hadoop 2.2.0-2.7.3 - Privilege Escalation to Root via YARN User
Apr 11, 2017
CVSS 8.8
EPSS 0.03
CVE-2016-6805
MEDIUM
Apache Ignite < 1.9 - XML External Entity Injection via Update-Notifier Documents
Apr 07, 2017
CVSS 5.9
EPSS 0.02
CVE-2016-8735
CRITICAL
KEVNUCLEI
Apache Tomcat , 7.x , 8.x , 8.5.x , 9.x <6.0.48 <7.0.73 <8.0.39 <8.5.7 - Remote Code Execution
Apr 06, 2017
CVSS 9.8
EPSS 0.90
CVE-2016-6809
CRITICAL
Apache Tika < 1.14 - Remote Code Execution via MATLAB File Deserialization
Apr 06, 2017
CVSS 9.8
EPSS 0.08
CVE-2016-4976
MEDIUM
Apache Ambari 2.0.0-2.3.9 - Exposure of Sensitive Information via KDC Administrator Password
Mar 29, 2017
CVSS 5.5
EPSS 0.01
CVE-2016-6807
CRITICAL
Apache Ambari 2.4.0-2.4.1 - Unauthenticated Remote Code Execution via Custom Commands
Mar 28, 2017
CVSS 9.8
EPSS 0.02
CVE-2016-8749
CRITICAL
Apache Camel 2.16.0-2.16.4 2.17.0-2.17.4 2.18.0-2.18.1 - Remote Code Execution via Jackson Unmarshalling
Mar 28, 2017
CVSS 9.8
EPSS 0.11
CVE-2016-9775
HIGH
Debian Linux - Access Control
Mar 23, 2017
CVSS 7.8
EPSS 0.01
CVE-2016-9774
HIGH
Debian Linux - Symlink Following
Mar 23, 2017
CVSS 7.8
EPSS 0.01
CVE-2016-6816
HIGH
Apache Tomcat 6.0.0-6.0.47, 7.0.0-7.0.72, 8.0.0.RC1-8.0.38, 8.5.0-8.5.6, 9.0.0.M1-9.0.0.M11 - HTTP Response Injection
Mar 20, 2017
CVSS 7.1
EPSS 0.40
CVE-2016-8747
HIGH
Apache Tomcat <9.0.0.M16 - Info Disclosure
Mar 14, 2017
CVSS 7.5
EPSS 0.07
CVE-2016-1566
MEDIUM
Guacamole 0.9.8-0.9.9 - Authenticated Stored Cross-Site Scripting via File Browser Filename
Feb 02, 2017
CVSS 5.4
EPSS 0.02
CVE-2016-6497
HIGH
Apache Groovy LDAP - LDAP Entry Poisoning via returnObjFlag Setting
Jan 18, 2017
CVSS 7.5
EPSS 0.06
CVE-2016-8740
HIGH
Apache HTTP Server 2.4.17-2.4.23 - DoS
Dec 05, 2016
CVSS 7.5
EPSS 0.79
CVE-2016-5393
HIGH
Apache Hadoop 2.6.x < 2.6.5, 2.7.x < 2.7.3 - Authenticated Remote Code Execution
Nov 29, 2016
CVSS 8.8
EPSS 0.03
CVE-2016-1000031
CRITICAL
Apache Commons FileUpload <1.3.3 - RCE
Oct 25, 2016
CVSS 9.8
EPSS 0.35
CVE-2016-6325
HIGH
Tomcat - Privilege Escalation via Weak File Permissions
Oct 13, 2016
CVSS 7.8
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters