
Apache Software Foundation — Vulnerabilities & Security Advisories (1676)

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-45046 | Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack | Apache Log4j | CWE-917 | 9.0 | - | 2021-12-14 |
| CVE-2021-44549 | SMTPS server hostname not checked when making TLS connection to SMTPS server | Apache Sling Commons Messaging Mail | CWE-295 | 7.4 | - | 2021-12-14 |
| CVE-2021-4104 | Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2 | Apache Log4j 1.x | CWE-502 | 7.5 | - | 2021-12-14 |
| CVE-2021-44228 | Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints | Apache Log4j2 | CWE-502 | 9.9 | - | 2021-12-10 |
| CVE-2021-43410 | airavata-django-portal allows CRLF log injection because of the lack of escaping in the log statements | Apache Airavata Django Portal | CWE-117 | 5.3 | - | 2021-12-09 |
| CVE-2021-44140 | Arbitrary file deletion on logout | Apache JSPWiki | - | 9.1 | - | 2021-11-24 |
| CVE-2021-40369 | XSS vulnerability on Denounce plugin | Apache JSPWiki | - | 6.1 | - | 2021-11-24 |
| CVE-2021-43557 | Path traversal in request_uri variable | Apache APISIX | - | 9.1 | - | 2021-11-22 |
| CVE-2021-41532 | Unauthenticated access to Ozone Recon HTTP endpoints | Apache Ozone | CWE-200 | 5.3 | - | 2021-11-19 |
| CVE-2021-39236 | Owners of the S3 tokens are not validated | Apache Ozone | CWE-862 | 8.1 | - | 2021-11-19 |
| CVE-2021-39235 | Access mode of block tokens are not enforced | Apache Ozone | CWE-732 | 8.1 | - | 2021-11-19 |
| CVE-2021-39234 | Raw block data can be read bypassing ACL/authorization | Apache Ozone | CWE-20 | 6.8 | - | 2021-11-19 |
| CVE-2021-39233 | Container-related datanode operations can be called without authorization | Apache Ozone | CWE-306 | 7.5 | - | 2021-11-19 |
| CVE-2021-39232 | Missing admin check for SCM related admin commands | Apache Ozone | CWE-862 | 8.8 | - | 2021-11-19 |
| CVE-2021-39231 | Missing authentication/authorization on internal RPC endpoints | Apache Ozone | CWE-862 | 9.1 | - | 2021-11-19 |
| CVE-2021-36372 | Original block tokens are persisted and can be retrieved | Apache Ozone | CWE-273 | 9.8 | - | 2021-11-19 |
| CVE-2021-42250 | Possible log injection | Apache Superset | CWE-117 | 6.5 | - | 2021-11-17 |
| CVE-2021-37580 | Apache ShenYu Admin bypass JWT authentication | Apache ShenYu Admin | CWE-287 | 9.8 | - | 2021-11-16 |
| CVE-2021-41972 | Credentials leak | Apache Superset | CWE-522 | 6.5 | - | 2021-11-12 |
| CVE-2021-43350 | LDAP filter injection vulnerability in Traffic Ops | Apache Traffic Control | CWE-90 | 9.8 | - | 2021-11-11 |
| CVE-2021-26558 | Deserialization of Untrusted Data | Apache ShardingSphere-UI | CWE-502 | 7.5 | - | 2021-11-11 |
| CVE-2021-43082 | heap-buffer-overflow with stats-over-http plugin | Apache Traffic Server | CWE-120 | 9.8 | - | 2021-11-03 |
| CVE-2021-41585 | ATS stops accepting connections on FreeBSD | Apache Traffic Server | - | 7.5 | - | 2021-11-03 |
| CVE-2021-38161 | Not validating origin TLS certificate | Apache Traffic Server | CWE-287 | 7.7 | - | 2021-11-03 |
| CVE-2021-37149 | Request Smuggling - multiple attacks | Apache Traffic Server | CWE-20 | 7.5 | - | 2021-11-03 |
| CVE-2021-37148 | Request Smuggling - transfer encoding validation | Apache Traffic Server | CWE-20 | 7.5 | - | 2021-11-03 |
| CVE-2021-37147 | Request Smuggling - LF line ending | Apache Traffic Server | CWE-20 | 7.5 | - | 2021-11-03 |
| CVE-2021-27644 | DolphinScheduler mysql jdbc connector parameters deserialize remote code execution | Apache DolphinScheduler | CWE-264 | 8.8 | - | 2021-11-01 |
| CVE-2021-41973 | Apache MINA HTTP listener DOS | Apache MINA | CWE-835 | 6.5 | - | 2021-11-01 |
| CVE-2021-40865 | Unsafe Pre-Authentication Deserialization In Workers | Apache Storm | CWE-502 | 9.8 | - | 2021-10-25 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.