Known Vulnerabilities for products from Apache

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Apache".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-31164 | Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements. | Not Provided | 2021-05-04 | 2021-05-04 |
| CVE-2021-30638 | Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside W... | 7.5 - HIGH | 2021-04-27 | 2021-05-06 |
| CVE-2021-30245 | The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The probl... | 8.8 - HIGH | 2021-04-15 | 2021-04-23 |
| CVE-2021-30128 | Apache OFBiz has unsafe deserialization prior to 17.12.07 version | 9.8 - CRITICAL | 2021-04-27 | 2021-05-07 |
| CVE-2021-29943 | When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy ... | 9.1 - CRITICAL | 2021-04-13 | 2021-04-13 |
| CVE-2021-29641 | Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include t... | 8.8 - HIGH | 2021-04-07 | 2021-04-08 |
| CVE-2021-29425 | In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../f... | 5.3 - MEDIUM | 2021-04-13 | 2021-05-04 |
| CVE-2021-29262 | When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACL... | 7.5 - HIGH | 2021-04-13 | 2021-04-13 |
| CVE-2021-29200 | Apache OFBiz has unsafe deserialization prior to 17.12.07 version. An unauthenticated user can perform an RCE attack | 9.8 - CRITICAL | 2021-04-27 | 2021-05-06 |
| CVE-2021-28657 | A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Ti... | 5.5 - MEDIUM | 2021-03-31 | 2021-05-07 |
| CVE-2021-28125 | Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checkin... | 6.1 - MEDIUM | 2021-04-27 | 2021-05-07 |
| CVE-2021-27907 | Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing ch... | 5.4 - MEDIUM | 2021-03-05 | 2021-03-12 |
| CVE-2021-27906 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox ve... | 5.5 - MEDIUM | 2021-03-19 | 2021-05-02 |
| CVE-2021-27905 | The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "lead... | 9.8 - CRITICAL | 2021-04-13 | 2021-04-26 |
| CVE-2021-27850 | A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected... | 9.8 - CRITICAL | 2021-04-15 | 2021-04-22 |
| CVE-2021-27807 | A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.... | 5.5 - MEDIUM | 2021-03-19 | 2021-05-02 |
| CVE-2021-27576 | It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue w... | 7.5 - HIGH | 2021-03-15 | 2021-03-22 |
| CVE-2021-26919 | Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users w... | 8.8 - HIGH | 2021-03-30 | 2021-04-15 |
| CVE-2021-26697 | The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed un... | 5.3 - MEDIUM | 2021-02-17 | 2021-02-23 |
| CVE-2021-26559 | Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role... | 6.5 - MEDIUM | 2021-02-17 | 2021-02-23 |

Known software with vulnerabilities from Apache

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Apache | Accumulo | 1.5.0 |
| Application | Apache | Activemq | - |
| Application | Apache | Activemq Apollo | 1.0 |
| Application | Apache | Activemq Artemis | - |
| Application | Apache | Airflow | 0.1 |
| Application | Apache | Allura | 1.0.0 |
| Application | Apache | Ambari | 0.9 |
| Application | Apache | Amqp 0-x Jms Client | 6.0.3 |
| Application | Apache | Amqp Jms Client | 0.9.0 |
| Application | Apache | Ant | 1.1 |
| Application | Apache | Apache Test | - |
| Application | Apache | Apache-ssl | 1.37 |
| Application | Apache | Apisix | 1.2 |
| Application | Apache | Apr-util | 0.9.1 |
| Application | Apache | Archiva | 0.9 |
| Application | Apache | Arrow | 0.1.0 |
| Application | Apache | Asterixdb | - |
| Application | Apache | Atlas | 0.5.0 |
| Application | Apache | Axis | - |
| Application | Apache | Axis2 | - |


© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
