Apache Software Foundation — Vulnerabilities & Security Advisories 1685

Browse all 1685 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-44832 | Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration | Apache Log4j2 | CWE-20 | 6.6 | - | 2021-12-28 |
| CVE-2021-45232 | security vulnerability on unauthorized access. | Apache APISIX Dashboard | CWE-306 | 9.8 | - | 2021-12-27 |
| CVE-2021-44548 | Apache Solr information disclosure vulnerability through DataImportHandler | Apache Solr | CWE-40 | 8.8 | - | 2021-12-23 |
| CVE-2021-44224 | Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier | Apache HTTP Server | CWE-476 | 8.2 | - | 2021-12-20 |
| CVE-2021-41561 | Apache Parquet-MR potential DoS in case of malicious Parquet file | Apache Parquet | CWE-20 | 7.5 | - | 2021-12-20 |
| CVE-2021-44790 | Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier | Apache HTTP Server | CWE-787 | 9.8 | - | 2021-12-20 |
| CVE-2021-43083 | Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response | Apache PLC4X | CWE-119 | 8.1 | - | 2021-12-19 |
| CVE-2021-45105 | Apache Log4j2 does not always protect from infinite recursion in lookup evaluation | Apache Log4j2 | CWE-20 | 5.9 | - | 2021-12-18 |
| CVE-2021-44145 | Apache NiFi information disclosure by XXE | Apache NiFi | | 6.5 | - | 2021-12-17 |
| CVE-2021-45046 | Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack | Apache Log4j | CWE-917 | 9.0 | - | 2021-12-14 |
| CVE-2021-44549 | SMTPS server hostname not checked when making TLS connection to SMTPS server | Apache Sling Commons Messaging Mail | CWE-295 | 7.4 | - | 2021-12-14 |
| CVE-2021-4104 | Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2 | Apache Log4j 1.x | CWE-502 | 7.5 | - | 2021-12-14 |
| CVE-2021-44228 | Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints | Apache Log4j2 | CWE-502 | 9.9 | - | 2021-12-10 |
| CVE-2021-43410 | airavata-django-portal allows CRLF log injection because of the lack of escaping in the log statements | Apache Airavata Django Portal | CWE-117 | 5.3 | - | 2021-12-09 |
| CVE-2021-44140 | Arbitrary file deletion on logout | Apache JSPWiki | | 9.1 | - | 2021-11-24 |
| CVE-2021-40369 | XSS vulnerability on Denounce plugin | Apache JSPWiki | | 6.1 | - | 2021-11-24 |
| CVE-2021-43557 | Path traversal in request_uri variable | Apache APISIX | | 9.1 | - | 2021-11-22 |
| CVE-2021-41532 | Unauthenticated access to Ozone Recon HTTP endpoints | Apache Ozone | CWE-200 | 5.3 | - | 2021-11-19 |
| CVE-2021-39236 | Owners of the S3 tokens are not validated | Apache Ozone | CWE-862 | 8.1 | - | 2021-11-19 |
| CVE-2021-39235 | Access mode of block tokens are not enforced | Apache Ozone | CWE-732 | 8.1 | - | 2021-11-19 |
| CVE-2021-39234 | Raw block data can be read bypassing ACL/authorization | Apache Ozone | CWE-20 | 6.8 | - | 2021-11-19 |
| CVE-2021-39233 | Container-related datanode operations can be called without authorization | Apache Ozone | CWE-306 | 7.5 | - | 2021-11-19 |
| CVE-2021-39232 | Missing admin check for SCM related admin commands | Apache Ozone | CWE-862 | 8.8 | - | 2021-11-19 |
| CVE-2021-39231 | Missing authentication/authorization on internal RPC endpoints | Apache Ozone | CWE-862 | 9.1 | - | 2021-11-19 |
| CVE-2021-36372 | Original block tokens are persisted and can be retrieved | Apache Ozone | CWE-273 | 9.8 | - | 2021-11-19 |
| CVE-2021-42250 | Possible log injection | Apache Superset | CWE-117 | 6.5 | - | 2021-11-17 |
| CVE-2021-37580 | Apache ShenYu Admin bypass JWT authentication | Apache ShenYu Admin | CWE-287 | 9.8 | - | 2021-11-16 |
| CVE-2021-41972 | Credentials leak | Apache Superset | CWE-522 | 6.5 | - | 2021-11-12 |
| CVE-2021-43350 | LDAP filter injection vulnerability in Traffic Ops | Apache Traffic Control | CWE-90 | 9.8 | - | 2021-11-11 |
| CVE-2021-26558 | Deserialization of Untrusted Data | Apache ShardingSphere-UI | CWE-502 | 7.5 | - | 2021-11-11 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.