
Apache Software Foundation — Vulnerabilities & Security Advisories (1685)

Browse all 1685 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-43082 | heap-buffer-overflow with stats-over-http plugin — Apache Traffic Server (CWE-120) | 9.8 | - | 2021-11-03 |
| CVE-2021-41585 | ATS stops accepting connections on FreeBSD — Apache Traffic Server | 7.5 | - | 2021-11-03 |
| CVE-2021-38161 | Not validating origin TLS certificate — Apache Traffic Server (CWE-287) | 7.7 | - | 2021-11-03 |
| CVE-2021-37149 | Request Smuggling - multiple attacks — Apache Traffic Server (CWE-20) | 7.5 | - | 2021-11-03 |
| CVE-2021-37148 | Request Smuggling - transfer encoding validation — Apache Traffic Server (CWE-20) | 7.5 | - | 2021-11-03 |
| CVE-2021-37147 | Request Smuggling - LF line ending — Apache Traffic Server (CWE-20) | 7.5 | - | 2021-11-03 |
| CVE-2021-27644 | DolphinScheduler mysql jdbc connector parameters deserialize remote code execution — Apache DolphinScheduler (CWE-264) | 8.8 | - | 2021-11-01 |
| CVE-2021-41973 | Apache MINA HTTP listener DOS — Apache MINA (CWE-835) | 6.5 | - | 2021-11-01 |
| CVE-2021-40865 | Unsafe Pre-Authentication Deserialization In Workers — Apache Storm (CWE-502) | 9.8 | - | 2021-10-25 |
| CVE-2021-38294 | Shell Command Injection Vulnerability in Nimbus Thrift Server — Apache Storm (CWE-74) | 9.8 | - | 2021-10-25 |
| CVE-2021-41971 | Possible SQL Injection when template processing is enabled — Apache Superset (CWE-89) | 8.8 | - | 2021-10-18 |
| CVE-2021-32609 | XSS vulnerability on Explore page — Apache Superset (CWE-79) | 6.4 | - | 2021-10-18 |
| CVE-2021-42340 | DoS via memory leak with WebSocket connections — Apache Tomcat (CWE-772) | 7.5 | - | 2021-10-14 |
| CVE-2021-38295 | Privilege escalation vulnerability when using HTML attachments — Apache CouchDB | 7.3 | - | 2021-10-14 |
| CVE-2021-42009 | Apache Traffic Control Traffic Ops Email Injection Vulnerability — Apache Traffic Control (CWE-20) | 4.3 | - | 2021-10-12 |
| CVE-2021-41832 | Content Manipulation with Certificate Validation Attack — Apache OpenOffice (CWE-347) | 7.5 | - | 2021-10-11 |
| CVE-2021-41831 | Timestamp Manipulation with Signature Wrapping — Apache OpenOffice (CWE-347) | 4.0 | - | 2021-10-11 |
| CVE-2021-41830 | Double Certificate Attack — Apache OpenOffice (CWE-347) | 7.5 | - | 2021-10-11 |
| CVE-2021-42013 | Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) — Apache HTTP Server (CWE-22) | 9.8 | - | 2021-10-07 |
| CVE-2021-40439 | Billion Laughs — Apache OpenOffice (CWE-611) | 8.1 | - | 2021-10-07 |
| CVE-2021-28129 | DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid — Apache OpenOffice (CWE-284) | 7.1 | - | 2021-10-07 |
| CVE-2021-41773 | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 — Apache HTTP Server (CWE-22) | 9.1 | - | 2021-10-05 |
| CVE-2021-41524 | null pointer dereference in h2 fuzzing — Apache HTTP Server (CWE-476) | 7.5 | - | 2021-10-05 |
| CVE-2021-41616 | Apache ddlutils 1.0 readobject vulnerability — Apache DB ddlutils (CWE-502) | 9.8 | - | 2021-09-30 |
| CVE-2021-36749 | Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920) — Apache Druid | 6.5 | - | 2021-09-24 |
| CVE-2021-33035 | Buffer overflow from a crafted DBF file — Apache OpenOffice (CWE-120) | 7.8 | - | 2021-09-23 |
| CVE-2021-38153 | Timing Attack Vulnerability for Apache Kafka Connect and Clients — Apache Kafka (CWE-203) | 5.9 | - | 2021-09-22 |
| CVE-2021-40690 | Bypass of the secureValidation property — Apache Santuario (CWE-200) | 7.5 | - | 2021-09-19 |
| CVE-2021-41303 | Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass — Apache Shiro (CWE-287) | 9.8 | - | 2021-09-17 |
| CVE-2021-41079 | Apache Tomcat DoS with unexpected TLS packet — Apache Tomcat (CWE-20) | 7.5 | - | 2021-09-16 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.