apache
3,096 tracked vulnerabilities.
CVE-2016-5425
HIGH
Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation
Oct 13, 2016
CVSS 7.8
EPSS 0.04
CVE-2016-5019
CRITICAL
Apache MyFaces Trinidad Deserialization of Untrusted Data via Serialized View State
Oct 03, 2016
CVSS 9.8
EPSS 0.08
CVE-2016-4436
CRITICAL
Apache Struts 2 <2.3.29, <2.5.1 - Info Disclosure
Oct 03, 2016
CVSS 9.8
EPSS 0.07
CVE-2016-1240
HIGH
Apache Tomcat on Ubuntu Log Init Privilege Escalation
Oct 03, 2016
CVSS 7.8
EPSS 0.10
CVE-2016-4978
HIGH
Apache ActiveMQ Artemis < 1.4.0 - Authenticated Remote Code Execution via JMS ObjectMessage Deserialization
Sep 27, 2016
CVSS 7.2
EPSS 0.07
CVE-2016-5395
MEDIUM
Apache Ranger < 0.6.1 - Authenticated Stored Cross-Site Scripting in Policy Admin Tool
Sep 26, 2016
CVSS 4.8
EPSS 0.02
CVE-2016-4464
CRITICAL
Apache CXF Fediz 1.2.0-1.2.2 and 1.3.0 - Improper Access Control via SAML AudienceRestriction Bypass
Sep 21, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-6801
HIGH
Apache Jackrabbit < 2.4.6 - CSRF
Sep 21, 2016
CVSS 8.8
EPSS 0.02
CVE-2016-5017
HIGH
Apache ZooKeeper < 3.4.9 and 3.5.x < 3.5.3 - Buffer Overflow via C CLI Shell Batch Mode
Sep 21, 2016
CVSS 8.1
EPSS 0.08
CVE-2016-6802
HIGH
Apache Shiro < 1.3.2 - Filter Bypass via Non-Root Servlet Context Path
Sep 20, 2016
CVSS 7.5
EPSS 0.10
CVE-2016-3089
MEDIUM
Apache OpenMeetings < 3.1.2 - Cross-Site Scripting via SWF Panel Parameter
Aug 19, 2016
CVSS 6.1
EPSS 0.05
CVE-2016-0760
HIGH
Apache Sentry - Authenticated Remote Code Execution via Hive Builtin Function Blacklist Bypass
Aug 19, 2016
CVSS 8.8
EPSS 0.03
CVE-2016-0782
MEDIUM
Apache ActiveMQ <5.11.4-5.12.3-5.13.2 - XSS
Aug 05, 2016
CVSS 5.4
EPSS 0.06
CVE-2016-5000
MEDIUM
Apache POI < 3.14 - XML External Entity Injection via XLSX2CSV Example
Aug 05, 2016
CVSS 5.5
EPSS 0.04
CVE-2016-1513
HIGH
Apache OpenOffice < 4.1.2 - Out-of-bounds Read or Write via Crafted MetaActions in ODP/OTP Files
Aug 05, 2016
CVSS 7.8
EPSS 0.04
CVE-2016-1238
HIGH
Perl 5.x < 5.22.3-RC2 and 5.24 < 5.24.1-RC2 - Privilege Escalation via Trojan Horse Module in Current Working Directory
Aug 02, 2016
CVSS 7.8
EPSS 0.01
CVE-2016-5005
MEDIUM
Apache Archiva < 1.3.9 and < 2.2.1 - Authenticated Cross-Site Scripting via connector.sourceRepoId Parameter
Jul 28, 2016
CVSS 4.8
EPSS 0.05
CVE-2016-4469
HIGH
Apache Archiva < 1.3.9 - Cross-Site Request Forgery via Token Parameter
Jul 28, 2016
CVSS 8.8
EPSS 0.08
CVE-2016-5388
HIGH
Redhat Enterprise Linux Desktop < 7.5.5.0 - Improper Access Control
Jul 19, 2016
CVSS 8.1
EPSS 0.51
CVE-2016-5387
HIGH
Apache HTTP Server < 2.2.31 - Remote HTTP Traffic Redirection via HTTP_PROXY Header
Jul 19, 2016
CVSS 8.1
EPSS 0.56
CVE-2016-4974
HIGH
Apache Qpid AMQP JMS Client < 6.0.4 & JMS (AMQP 1.0) < 0.10.0 - RCE via JMS ObjectMessage Deserialization
Jul 13, 2016
CVSS 7.5
EPSS 0.06
CVE-2016-4463
HIGH
Apache Xerces-C++ < 3.1.4 - Denial of Service via Deeply Nested DTD
Jul 08, 2016
CVSS 7.5
EPSS 0.14
CVE-2016-4979
HIGH
Apache HTTP Server 2.4.18-2.4.20 - Authentication Bypass via HTTP/2 Request Handling
Jul 06, 2016
CVSS 7.5
EPSS 0.19
CVE-2016-1546
MEDIUM
Apache HTTP Server <2.4.17-2.4.18 - DoS
Jul 06, 2016
CVSS 5.9
EPSS 0.15
CVE-2016-4465
MEDIUM
Apache Struts 2.3.20-2.3.28.1 and 2.5.x < 2.5.1 - Denial of Service via URLValidator Null Value
Jul 04, 2016
CVSS 5.3
EPSS 0.11
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters