apache

3,096 tracked vulnerabilities.

CVE-2016-5425 HIGH
Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation
Oct 13, 2016
CVSS 7.8
EPSS 0.04
CVE-2016-5019 CRITICAL
Apache MyFaces Trinidad Deserialization of Untrusted Data via Serialized View State
Oct 03, 2016
CVSS 9.8
EPSS 0.08
CVE-2016-4436 CRITICAL
Apache Struts 2 <2.3.29, <2.5.1 - Info Disclosure
Oct 03, 2016
CVSS 9.8
EPSS 0.07
CVE-2016-1240 HIGH
Apache Tomcat on Ubuntu Log Init Privilege Escalation
Oct 03, 2016
CVSS 7.8
EPSS 0.10
CVE-2016-4978 HIGH
Apache ActiveMQ Artemis < 1.4.0 - Authenticated Remote Code Execution via JMS ObjectMessage Deserialization
Sep 27, 2016
CVSS 7.2
EPSS 0.07
CVE-2016-5395 MEDIUM
Apache Ranger < 0.6.1 - Authenticated Stored Cross-Site Scripting in Policy Admin Tool
Sep 26, 2016
CVSS 4.8
EPSS 0.02
CVE-2016-4464 CRITICAL
Apache CXF Fediz 1.2.0-1.2.2 and 1.3.0 - Improper Access Control via SAML AudienceRestriction Bypass
Sep 21, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-6801 HIGH
Apache Jackrabbit < 2.4.6 - CSRF
Sep 21, 2016
CVSS 8.8
EPSS 0.02
CVE-2016-5017 HIGH
Apache ZooKeeper < 3.4.9 and 3.5.x < 3.5.3 - Buffer Overflow via C CLI Shell Batch Mode
Sep 21, 2016
CVSS 8.1
EPSS 0.08
CVE-2016-6802 HIGH
Apache Shiro < 1.3.2 - Filter Bypass via Non-Root Servlet Context Path
Sep 20, 2016
CVSS 7.5
EPSS 0.10
CVE-2016-3089 MEDIUM
Apache OpenMeetings < 3.1.2 - Cross-Site Scripting via SWF Panel Parameter
Aug 19, 2016
CVSS 6.1
EPSS 0.05
CVE-2016-0760 HIGH
Apache Sentry - Authenticated Remote Code Execution via Hive Builtin Function Blacklist Bypass
Aug 19, 2016
CVSS 8.8
EPSS 0.03
CVE-2016-0782 MEDIUM
Apache ActiveMQ <5.11.4-5.12.3-5.13.2 - XSS
Aug 05, 2016
CVSS 5.4
EPSS 0.06
CVE-2016-5000 MEDIUM
Apache POI < 3.14 - XML External Entity Injection via XLSX2CSV Example
Aug 05, 2016
CVSS 5.5
EPSS 0.04
CVE-2016-1513 HIGH
Apache OpenOffice < 4.1.2 - Out-of-bounds Read or Write via Crafted MetaActions in ODP/OTP Files
Aug 05, 2016
CVSS 7.8
EPSS 0.04
CVE-2016-1238 HIGH
Perl 5.x < 5.22.3-RC2 and 5.24 < 5.24.1-RC2 - Privilege Escalation via Trojan Horse Module in Current Working Directory
Aug 02, 2016
CVSS 7.8
EPSS 0.01
CVE-2016-5005 MEDIUM
Apache Archiva < 1.3.9 and < 2.2.1 - Authenticated Cross-Site Scripting via connector.sourceRepoId Parameter
Jul 28, 2016
CVSS 4.8
EPSS 0.05
CVE-2016-4469 HIGH
Apache Archiva < 1.3.9 - Cross-Site Request Forgery via Token Parameter
Jul 28, 2016
CVSS 8.8
EPSS 0.08
CVE-2016-5388 HIGH
Redhat Enterprise Linux Desktop < 7.5.5.0 - Improper Access Control
Jul 19, 2016
CVSS 8.1
EPSS 0.51
CVE-2016-5387 HIGH
Apache HTTP Server < 2.2.31 - Remote HTTP Traffic Redirection via HTTP_PROXY Header
Jul 19, 2016
CVSS 8.1
EPSS 0.56
CVE-2016-4974 HIGH
Apache Qpid AMQP JMS Client < 6.0.4 & JMS (AMQP 1.0) < 0.10.0 - RCE via JMS ObjectMessage Deserialization
Jul 13, 2016
CVSS 7.5
EPSS 0.06
CVE-2016-4463 HIGH
Apache Xerces-C++ < 3.1.4 - Denial of Service via Deeply Nested DTD
Jul 08, 2016
CVSS 7.5
EPSS 0.14
CVE-2016-4979 HIGH
Apache HTTP Server 2.4.18-2.4.20 - Authentication Bypass via HTTP/2 Request Handling
Jul 06, 2016
CVSS 7.5
EPSS 0.19
CVE-2016-1546 MEDIUM
Apache HTTP Server <2.4.17-2.4.18 - DoS
Jul 06, 2016
CVSS 5.9
EPSS 0.15
CVE-2016-4465 MEDIUM
Apache Struts 2.3.20-2.3.28.1 and 2.5.x < 2.5.1 - Denial of Service via URLValidator Null Value
Jul 04, 2016
CVSS 5.3
EPSS 0.11