apache
3,096 tracked vulnerabilities.
CVE-2015-0224
HIGH
Apache Qpid < 0.30 - Denial of Service via Crafted Protocol Sequence
Oct 30, 2017
CVSS 7.5
EPSS 0.15
CVE-2015-1835
MEDIUM
Apache Cordova Android < 3.7.2 and 4.x < 4.0.2 - Secondary Configuration Variable Modification via Intent URL
Oct 27, 2017
CVSS 5.3
EPSS 0.06
CVE-2015-5169
MEDIUM
Apache Struts < 2.3.20 - Cross-Site Scripting
Sep 25, 2017
CVSS 6.1
EPSS 0.08
CVE-2015-5206
CRITICAL
Apache Traffic Server <5.3.2 HTTP/2 Experimental Feature - Second Impact Unknown
Sep 13, 2017
CVSS 9.8
EPSS 0.02
CVE-2015-5168
CRITICAL
Apache Traffic Server <5.3.2 HTTP/2 Experimental Feature - Impact Unknown
Sep 13, 2017
CVSS 9.8
EPSS 0.02
CVE-2015-3250
HIGH
Apache Directory LDAP API <1.0.0-M31 - Info Disclosure
Sep 07, 2017
CVSS 7.5
EPSS 0.05
CVE-2015-5209
HIGH
Apache Struts 2.x < 2.3.24.1 - Remote Code Execution via Top Object Manipulation
Aug 29, 2017
CVSS 7.5
EPSS 0.09
CVE-2015-0249
HIGH
Apache Roller 5.1-5.1.1 - Authenticated Remote Code Execution via Velocity Template Injection
Jul 17, 2017
CVSS 7.2
EPSS 0.05
CVE-2015-3254
MEDIUM
Apache Thrift < 0.9.2 - Authenticated Denial of Service via Skip Function
Jun 16, 2017
CVSS 6.5
EPSS 0.05
CVE-2015-5175
HIGH
Apache CXF Fediz < 1.1.3 and 1.2.x < 1.2.1 - Denial of Service
Jun 07, 2017
CVSS 7.5
EPSS 0.11
CVE-2015-5241
MEDIUM
Apache jUDDI 3.1.2-3.1.5 - Open Redirect
May 19, 2017
CVSS 6.1
EPSS 0.02
CVE-2015-3188
CRITICAL
Apache Storm 0.10.0-beta - Remote Code Execution
Jan 13, 2017
CVSS 9.8
EPSS 0.14
CVE-2015-3271
MEDIUM
Apache Tika Server < 1.10 - Exposure of Sensitive Information via HTTP fileUrl Header
Dec 15, 2016
CVSS 5.3
EPSS 0.07
CVE-2015-1832
CRITICAL
Apache Derby < 10.12.1.1 - XML External Entity Injection via SqlXmlUtil
Oct 03, 2016
CVSS 9.1
EPSS 0.12
CVE-2015-0899
HIGH
Apache Struts 1.1-1.3.10 - Remote Access Restriction Bypass via MultiPageValidator Page Parameter
Jul 04, 2016
CVSS 7.5
EPSS 0.21
CVE-2015-7611
HIGH
Apache James Server < 2.3.2.1 - OS Command Injection
Jun 07, 2016
CVSS 8.1
EPSS 0.69
CVE-2015-5208
MEDIUM
Apache Cordova iOS < 3.9.1 - Arbitrary Plugin Execution via Link
May 09, 2016
CVSS 4.4
EPSS 0.05
CVE-2015-5207
MEDIUM
Apache Cordova iOS <4.0.0 - Auth Bypass
May 09, 2016
CVSS 5.3
EPSS 0.03
CVE-2015-1776
MEDIUM
Apache Hadoop 2.6.0-2.6.4 - Exposure of Sensitive Information via Credentials File
Apr 19, 2016
CVSS 6.2
EPSS 0.00
CVE-2015-5348
HIGH
Apache Camel 2.6.x-2.14.x 2.15.x<2.15.5 2.16.x<2.16.1 - Remote Code Execution via Java Object Deserialization
Apr 15, 2016
CVSS 8.1
EPSS 0.06
CVE-2015-5343
HIGH
Apache Subversion <1.8.15-1.9.3 - DoS
Apr 14, 2016
CVSS 7.6
EPSS 0.30
CVE-2015-7520
MEDIUM
Apache Wicket <1.5.15, <6.22.0, <7.2.0 - XSS
Apr 12, 2016
CVSS 6.1
EPSS 0.05
CVE-2015-5347
MEDIUM
Apache Wicket 1.5.0-1.5.14 - Cross-Site Scripting in ModalWindow Title
Apr 12, 2016
CVSS 6.1
EPSS 0.08
CVE-2015-5167
MEDIUM
Apache Ranger < 0.5.1 - Authenticated Access Control Bypass via REST API
Apr 12, 2016
CVSS 6.5
EPSS 0.02
CVE-2015-3268
MEDIUM
Apache OFBiz < 12.04.06 and 13.07.x < 13.07.03 - Cross-Site Scripting via DisplayEntityField Description Attribute
Apr 12, 2016
CVSS 6.1
EPSS 0.09
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters