apache

3,096 tracked vulnerabilities.

CVE-2016-4438 CRITICAL
Apache Struts 2.3.19-2.3.28.1 - Remote Code Execution via REST Plugin
Jul 04, 2016
CVSS 9.8
EPSS 0.17
CVE-2016-4433 HIGH
Apache Struts 2 <2.3.29 - Auth Bypass
Jul 04, 2016
CVSS 7.5
EPSS 0.10
CVE-2016-4431 HIGH
Apache Struts 2 <2.3.29 - Auth Bypass
Jul 04, 2016
CVSS 7.5
EPSS 0.10
CVE-2016-4430 HIGH
Apache Struts 2.3.20-2.3.28.1 - Cross-Site Request Forgery
Jul 04, 2016
CVSS 8.8
EPSS 0.04
CVE-2016-3092 HIGH
Apache Tomcat 7.x < 7.0.70, 8.x < 8.0.36, 8.5.x < 8.5.3, 9.x < 9.0.0.M7 - Denial of Service via Long Boundary String
Jul 04, 2016
CVSS 7.5
EPSS 0.36
CVE-2016-1182 HIGH
Apache Struts 1.x-1.3.10 - Cross-Site Scripting or Denial of Service via Validator Configuration
Jul 04, 2016
CVSS 8.2
EPSS 0.26
CVE-2016-1181 HIGH
Apache Struts 1 <1.3.10 - RCE
Jul 04, 2016
CVSS 8.1
EPSS 0.13
CVE-2016-2174 HIGH
Apache Ranger < 0.5.3 - Authenticated SQL Injection via eventTime Parameter
Jun 13, 2016
CVSS 7.2
EPSS 0.02
CVE-2016-3085 MEDIUM
Apache CloudStack < 4.5.2.1, 4.6.2.1, 4.7.1.1, 4.8.0.1 - SAML Authentication Bypass
Jun 10, 2016
CVSS 6.5
EPSS 0.03
CVE-2016-3093 MEDIUM
Apache Struts 2.0.0-2.3.24.1 - Denial of Service via OGNL Method Reference Caching
Jun 07, 2016
CVSS 5.3
EPSS 0.09
CVE-2016-3087 CRITICAL
Apache Struts 2.3.19-2.3.20.2, 2.3.21-2.3.24.1, 2.3.25-2.3.28 - Remote Code Execution
Jun 07, 2016
CVSS 9.8
EPSS 0.81
CVE-2016-4437 CRITICAL KEVNUCLEI
Apache Shiro < 1.2.5 - Remote Code Execution via Remember Me Feature
Jun 07, 2016
CVSS 9.8
EPSS 0.93
CVE-2016-4432 CRITICAL
Apache Qpid Java <6.0.3 - Auth Bypass
Jun 01, 2016
CVSS 9.1
EPSS 0.08
CVE-2016-3094 MEDIUM
Apache Qpid Broker-J < 6.0.2 and qpid-broker < 6.0.3 - Denial of Service via Crafted Authentication Attempt
Jun 01, 2016
CVSS 5.9
EPSS 0.08
CVE-2016-3088 CRITICAL KEVNUCLEI
ActiveMQ web shell upload
Jun 01, 2016
CVSS 9.8
EPSS 0.99
CVE-2016-2175 HIGH
Apache PDFBox < 1.8.12 and 2.x < 2.0.1 - XML External Entity Injection
Jun 01, 2016
CVSS 7.8
EPSS 0.05
CVE-2016-0731 MEDIUM
Apache Ambari <2.2.1 - Info Disclosure
May 18, 2016
CVSS 4.9
EPSS 0.03
CVE-2016-0707 LOW
Apache Ambari <2.1.2 - Info Disclosure
May 18, 2016
CVSS 3.3
EPSS 0.00
CVE-2016-2099 CRITICAL
Apache Xerces C++ < 3.1.3 - Use-After-Free in DTDScanner
May 13, 2016
CVSS 9.8
EPSS 0.07
CVE-2016-2168 MEDIUM
Apache Subversion < 1.8.16 and 1.9.x < 1.9.4 - Authenticated Denial of Service via Crafted MOVE or COPY Request
May 05, 2016
CVSS 6.5
EPSS 0.20
CVE-2016-2167 MEDIUM
Apache Subversion < 1.8.16 and 1.9.x < 1.9.4 - Unauthenticated Authentication Bypass via Realm String Prefix
May 05, 2016
CVSS 6.8
EPSS 0.07
CVE-2016-3082 CRITICAL
Apache Struts 2.x Remote Code Execution via XSLTResult Stylesheet Location
Apr 26, 2016
CVSS 9.8
EPSS 0.20
CVE-2016-3081 HIGH NUCLEI
Apache Struts 2.3.19-2.3.20.2, 2.3.21-2.3.24.1, 2.3.25-2.3.28 - Remote Code Execution via Dynamic Method Invocation
Apr 26, 2016
CVSS 8.1
EPSS 0.94
CVE-2016-3427 CRITICAL KEV
Oracle JDK and JRE - Remote Code Execution via JMX
Apr 21, 2016
CVSS 9.8
EPSS 0.92
CVE-2016-4003 MEDIUM
Apache Struts 2.0.0-2.3.27 - Cross-Site Scripting via URLDecoder Multi-Byte Character Handling
Apr 12, 2016
CVSS 6.1
EPSS 0.12