apache

3,096 tracked vulnerabilities.

CVE-2015-0224 HIGH
Apache Qpid < 0.30 - Denial of Service via Crafted Protocol Sequence
Oct 30, 2017
CVSS 7.5
EPSS 0.15
CVE-2015-1835 MEDIUM
Apache Cordova Android < 3.7.2 and 4.x < 4.0.2 - Secondary Configuration Variable Modification via Intent URL
Oct 27, 2017
CVSS 5.3
EPSS 0.06
CVE-2015-5169 MEDIUM
Apache Struts < 2.3.20 - Cross-Site Scripting
Sep 25, 2017
CVSS 6.1
EPSS 0.08
CVE-2015-5206 CRITICAL
Apache Traffic Server <5.3.2 HTTP/2 Experimental Feature - Second Impact Unknown
Sep 13, 2017
CVSS 9.8
EPSS 0.02
CVE-2015-5168 CRITICAL
Apache Traffic Server <5.3.2 HTTP/2 Experimental Feature - Impact Unknown
Sep 13, 2017
CVSS 9.8
EPSS 0.02
CVE-2015-3250 HIGH
Apache Directory LDAP API <1.0.0-M31 - Info Disclosure
Sep 07, 2017
CVSS 7.5
EPSS 0.05
CVE-2015-5209 HIGH
Apache Struts 2.x < 2.3.24.1 - Remote Code Execution via Top Object Manipulation
Aug 29, 2017
CVSS 7.5
EPSS 0.09
CVE-2015-0249 HIGH
Apache Roller 5.1-5.1.1 - Authenticated Remote Code Execution via Velocity Template Injection
Jul 17, 2017
CVSS 7.2
EPSS 0.05
CVE-2015-3254 MEDIUM
Apache Thrift < 0.9.2 - Authenticated Denial of Service via Skip Function
Jun 16, 2017
CVSS 6.5
EPSS 0.05
CVE-2015-5175 HIGH
Apache CXF Fediz < 1.1.3 and 1.2.x < 1.2.1 - Denial of Service
Jun 07, 2017
CVSS 7.5
EPSS 0.11
CVE-2015-5241 MEDIUM
Apache jUDDI 3.1.2-3.1.5 - Open Redirect
May 19, 2017
CVSS 6.1
EPSS 0.02
CVE-2015-3188 CRITICAL
Apache Storm 0.10.0-beta - Remote Code Execution
Jan 13, 2017
CVSS 9.8
EPSS 0.14
CVE-2015-3271 MEDIUM
Apache Tika Server < 1.10 - Exposure of Sensitive Information via HTTP fileUrl Header
Dec 15, 2016
CVSS 5.3
EPSS 0.07
CVE-2015-1832 CRITICAL
Apache Derby < 10.12.1.1 - XML External Entity Injection via SqlXmlUtil
Oct 03, 2016
CVSS 9.1
EPSS 0.12
CVE-2015-0899 HIGH
Apache Struts 1.1-1.3.10 - Remote Access Restriction Bypass via MultiPageValidator Page Parameter
Jul 04, 2016
CVSS 7.5
EPSS 0.21
CVE-2015-7611 HIGH
Apache James Server < 2.3.2.1 - OS Command Injection
Jun 07, 2016
CVSS 8.1
EPSS 0.69
CVE-2015-5208 MEDIUM
Apache Cordova iOS < 3.9.1 - Arbitrary Plugin Execution via Link
May 09, 2016
CVSS 4.4
EPSS 0.05
CVE-2015-5207 MEDIUM
Apache Cordova iOS <4.0.0 - Auth Bypass
May 09, 2016
CVSS 5.3
EPSS 0.03
CVE-2015-1776 MEDIUM
Apache Hadoop 2.6.0-2.6.4 - Exposure of Sensitive Information via Credentials File
Apr 19, 2016
CVSS 6.2
EPSS 0.00
CVE-2015-5348 HIGH
Apache Camel 2.6.x-2.14.x 2.15.x<2.15.5 2.16.x<2.16.1 - Remote Code Execution via Java Object Deserialization
Apr 15, 2016
CVSS 8.1
EPSS 0.06
CVE-2015-5343 HIGH
Apache Subversion <1.8.15-1.9.3 - DoS
Apr 14, 2016
CVSS 7.6
EPSS 0.30
CVE-2015-7520 MEDIUM
Apache Wicket <1.5.15, <6.22.0, <7.2.0 - XSS
Apr 12, 2016
CVSS 6.1
EPSS 0.05
CVE-2015-5347 MEDIUM
Apache Wicket 1.5.0-1.5.14 - Cross-Site Scripting in ModalWindow Title
Apr 12, 2016
CVSS 6.1
EPSS 0.08
CVE-2015-5167 MEDIUM
Apache Ranger < 0.5.1 - Authenticated Access Control Bypass via REST API
Apr 12, 2016
CVSS 6.5
EPSS 0.02
CVE-2015-3268 MEDIUM
Apache OFBiz < 12.04.06 and 13.07.x < 13.07.03 - Cross-Site Scripting via DisplayEntityField Description Attribute
Apr 12, 2016
CVSS 6.1
EPSS 0.09