apache

3,096 tracked vulnerabilities.

CVE-2016-2162 MEDIUM
Apache Struts 2.x < 2.3.25 - Cross-Site Scripting via I18NInterceptor Locale Handling
Apr 12, 2016
CVSS 6.1
EPSS 0.08
CVE-2016-0785 HIGH
Apache Struts 2.0.0-2.3.20.3 - Remote Code Execution via Forced Double OGNL Evaluation
Apr 12, 2016
CVSS 8.8
EPSS 0.09
CVE-2016-2170 CRITICAL
Apache OFBiz 12.04-12.04.05 and 13.07-13.07.02 - Remote Code Execution via Deserialization
Apr 12, 2016
CVSS 9.8
EPSS 0.13
CVE-2016-2166 MEDIUM
Apache Qpid Proton < 0.12.1 - Unencrypted Connection for AMQPS URI Scheme
Apr 12, 2016
CVSS 6.5
EPSS 0.04
CVE-2016-0733 CRITICAL
Apache Ranger < 0.5.1 - Unauthenticated Authentication Bypass via Missing Password
Apr 12, 2016
CVSS 9.8
EPSS 0.03
CVE-2016-0735 HIGH
Apache Ranger 0.5.0-0.5.1 - Authenticated Access Control Bypass via Exclude Policy Mishandling
Apr 11, 2016
CVSS 8.8
EPSS 0.02
CVE-2016-2171 HIGH
Apache Jetspeed < 2.3.0 - Unauthenticated User Management via REST API
Apr 11, 2016
CVSS 7.5
EPSS 0.43
CVE-2016-2164 HIGH
Apache OpenMeetings < 3.1.1 - Arbitrary File Read via FileService SOAP API
Apr 11, 2016
CVSS 7.5
EPSS 0.07
CVE-2016-2163 MEDIUM
Apache OpenMeetings < 3.1.1 - Cross-Site Scripting via Event Description
Apr 11, 2016
CVSS 6.1
EPSS 0.08
CVE-2016-0784 MEDIUM
Apache OpenMeetings <3.1.1 - Path Traversal
Apr 11, 2016
CVSS 6.5
EPSS 0.56
CVE-2016-0783 HIGH
Apache OpenMeetings <3.1.1 - Info Disclosure
Apr 11, 2016
CVSS 7.5
EPSS 0.07
CVE-2016-0712 MEDIUM
Apache Jetspeed < 2.3.1 - Cross-Site Scripting via PATH_INFO
Apr 11, 2016
CVSS 6.1
EPSS 0.03
CVE-2016-0711 MEDIUM
Apache Jetspeed < 2.3.1 - Cross-Site Scripting via Title Parameter
Apr 11, 2016
CVSS 6.1
EPSS 0.03
CVE-2016-0710 HIGH
Apache Jetspeed Arbitrary File Upload
Apr 11, 2016
CVSS 8.8
EPSS 0.52
CVE-2016-0709 HIGH
Apache Jetspeed <2.3.1 - Path Traversal
Apr 11, 2016
CVSS 7.2
EPSS 0.77
CVE-2016-0734 MEDIUM
Apache ActiveMQ 5.x < 5.13.2 - Clickjacking via Missing X-Frame-Options Header
Apr 07, 2016
CVSS 6.1
EPSS 0.08
CVE-2016-0763 MEDIUM
Apache Tomcat <7.0.68, <8.0.31, <9.0.0.M3 - Privilege Escalation
Feb 25, 2016
CVSS 6.3
EPSS 0.11
CVE-2016-0714 HIGH
Apache Tomcat <6.0.45-9.0.0.M2 - Privilege Escalation
Feb 25, 2016
CVSS 8.8
EPSS 0.13
CVE-2016-0706 MEDIUM
Apache Tomcat <6.0.45-9.0.0.M2 - Auth Bypass
Feb 25, 2016
CVSS 4.3
EPSS 0.06
CVE-2016-0956 HIGH
Apache Sling 2.3.6 - Info Disclosure
Feb 10, 2016
CVSS 7.5
EPSS 0.46
CVE-2015-2992 MEDIUM
Apache Struts < 2.3.20 - Cross-Site Scripting
Feb 27, 2020
CVSS 6.1
EPSS 0.06
CVE-2015-7559 LOW
Apache ActiveMQ < 5.14.5 - Denial of Service via Remote Shutdown Command
Aug 01, 2019
CVSS 2.7
EPSS 0.02
CVE-2015-0203 MEDIUM
Apache Qpid < 0.30 - Authenticated Denial of Service via AMQP Message
Feb 21, 2018
CVSS 6.5
EPSS 0.09
CVE-2015-3249 CRITICAL
Apache Traffic Server <5.3.1 - DoS/Code Injection
Oct 30, 2017
CVSS 9.8
EPSS 0.05
CVE-2015-0226 HIGH
Apache WSS4J < 1.6.17 and 2.0.0-2.0.1 - Information Disclosure via Decryption Failure Handling
Oct 30, 2017
CVSS 7.5
EPSS 0.06