apache

2,910 tracked vulnerabilities.

CVE-2014-4651 CRITICAL
Apache jclouds 1.7.3-1.7.9 - Predictable Temporary File Location
Feb 18, 2020
CVSS 9.8
EPSS 0.02
CVE-2014-0048 CRITICAL
Docker < 1.6.0 - Remote Code Execution via Insecure HTTP Downloads
Jan 02, 2020
CVSS 9.8
EPSS 0.03
CVE-2014-0212 HIGH
Apache Qpid C++ - Denial of Service via ACL Policy File Descriptor Exhaustion
Dec 13, 2019
CVSS 7.5
EPSS 0.05
CVE-2014-0219 MEDIUM
Apache Karaf < 4.0.10 - Denial of Service via Shutdown Command
Nov 15, 2017
CVSS 5.5
EPSS 0.00
CVE-2014-0073 CRITICAL
Apache Cordova In-App-Browser <0.3.2 - RCE
Oct 30, 2017
CVSS 9.8
EPSS 0.11
CVE-2014-0072 HIGH
Apache Cordova File-Transfer < 0.4.1 and Cordova 2.4.0-2.9.0 - SSL Server Spoofing via Default trustAllHosts Setting
Oct 30, 2017
CVSS 7.5
EPSS 0.01
CVE-2014-0115 HIGH
Apache Storm 0.9.0.1 - Path Traversal
Oct 30, 2017
CVSS 7.5
EPSS 0.01
CVE-2014-3624 CRITICAL
Apache Traffic Server 5.1.x - Improper Access Control via CONNECT Request Tunneling
Oct 30, 2017
CVSS 9.8
EPSS 0.00
CVE-2014-3526 HIGH
Apache Wicket < 1.5.12, 6.x < 6.17.0, and 7.x < 7.0.0-M3 - Exposure of Sensitive Information via Page Markup Identifiers
Oct 30, 2017
CVSS 7.5
EPSS 0.00
CVE-2014-3600 CRITICAL
Apache ActiveMQ 5.x < 5.10.1 - XML External Entity Injection via XPath Selector
Oct 27, 2017
CVSS 9.8
EPSS 0.01
CVE-2014-3579 CRITICAL
Apache ActiveMQ Apollo 1.0.0-1.7.0 - XML External Entity Injection via XPath Selector
Oct 27, 2017
CVSS 9.8
EPSS 0.03
CVE-2014-0030 CRITICAL
Apache Roller - XML External Entity Injection
Oct 10, 2017
CVSS 9.8
EPSS 0.19
CVE-2014-0043 MEDIUM
Apache Wicket <1.5.10,6.13.0 - Info Disclosure
Oct 03, 2017
CVSS 5.3
EPSS 0.02
CVE-2014-7808 HIGH
Apache Wicket < 1.5.13, 6.x < 6.19.0, and 7.x < 7.0.0-M5 - Predictable Encrypted URLs via CryptoMapper
Sep 15, 2017
CVSS 7.5
EPSS 0.00
CVE-2014-3582 CRITICAL
Apache Ambari 1.2.0-2.2.2 - OS Command Injection via SSL Certificate Generation
Mar 29, 2017
CVSS 9.8
EPSS 0.00
CVE-2014-0229 MEDIUM
Apache Hadoop <0.23.11 & 2.<2.4.1 - DoS
Mar 23, 2017
CVSS 6.5
EPSS 0.00
CVE-2014-3612
Apache ActiveMQ 5.0.0-5.10.0 - Unauthenticated Authentication Bypass via Empty Password
Aug 24, 2015
EPSS 0.01
CVE-2014-1972
Apache Tapestry <5.3.6 - DoS/Code Injection
Aug 22, 2015
EPSS 0.09
CVE-2014-3576 HIGH
Apache ActiveMQ < 5.11.0 - Unauthenticated Denial of Service via Shutdown Command
Aug 14, 2015
CVSS 7.5
EPSS 0.41
CVE-2014-7810
Debian Linux < 6.0.44 - Improper Access Control
Jun 07, 2015
EPSS 0.09
CVE-2014-0230
Apache Tomcat <6.0.44, 7.x <7.0.55, 8.x <8.0.9 - DoS
Jun 07, 2015
EPSS 0.03
CVE-2014-8111
Apache Tomcat Connectors < 1.2.40 - Exposure of Sensitive Information via JkUnmount Rule Bypass
Apr 21, 2015
EPSS 0.04
CVE-2014-0227
Apache Tomcat <6.0.42, <7.0.55, <8.0.9 - DoS
Feb 16, 2015
EPSS 0.78
CVE-2014-8110
Apache ActiveMQ 5.x < 5.10.1 - Cross-Site Scripting in Web Administration Console
Feb 12, 2015
EPSS 0.04
CVE-2014-8152
Apache Santuario XML Security for Java 2.0.0-2.0.2 - XML Signature Protection Bypass via Crafted XML Document
Jan 21, 2015
EPSS 0.02
Products
http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 cxf 46 nifi 46 solr 46 cloudstack 45 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 shiro 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20
Quick Filters
Critical CVEs With Exploits In CISA KEV