apache

2,904 tracked vulnerabilities.

CVE-2019-12397 MEDIUM
Apache Ranger 0.7.0-1.2.0 - Cross-Site Scripting in Policy Import Functionality
Aug 08, 2019
CVSS 6.1
EPSS 0.02
CVE-2019-10099 HIGH
Apache Spark < 1.6.3 and 2.0.0-2.3.2 - Cleartext Storage of Sensitive Information
Aug 07, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-10094 HIGH
Apache Tika 1.7-1.21 - Denial of Service via RecursiveParserWrapper
Aug 02, 2019
CVSS 7.8
EPSS 0.01
CVE-2019-10093 MEDIUM
Apache Tika 1.19-1.21 - Denial of Service via Crafted 2003ml or 2006ml File
Aug 02, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10088 HIGH
Apache Tika <1.22 - Memory Corruption
Aug 02, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0193 HIGH KEVNUCLEI
Apache Solr < 7.7.3 and 8.0.0-8.1.1 - Remote Code Execution via DataImportHandler dataConfig Parameter
Aug 01, 2019
CVSS 7.2
EPSS 0.93
CVE-2019-14439 HIGH
FasterXML jackson-databind <2.9.9.2 - Info Disclosure
Jul 30, 2019
CVSS 7.5
EPSS 0.10
CVE-2019-13990 CRITICAL
Terracotta Quartz Scheduler <2.3.0 - SSRF
Jul 26, 2019
CVSS 9.8
EPSS 0.13
CVE-2019-0202 HIGH
Apache Storm 0.9.1-incubating-1.2.2 - Unauthenticated Sensitive Information Exposure via Logviewer Endpoint
Jul 26, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-0234 MEDIUM
Apache Roller - Reflected Cross-Site Scripting in Math Comment Authenticator
Jul 15, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-10072 HIGH
Apache Tomcat <9.0.19, <8.5.40 - DoS
Jun 21, 2019
CVSS 7.5
EPSS 0.71
CVE-2019-10085 MEDIUM
Apache Allura < 1.11.0 - Stored Cross-Site Scripting in User Dropdown Selector
Jun 19, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0197 MEDIUM
Apache HTTP Server 2.4.34-2.4.38 - Denial of Service via HTTP/2 Upgrade Request
Jun 11, 2019
CVSS 4.2
EPSS 0.02
CVE-2019-0196 MEDIUM
Apache HTTP Server 2.4.17-2.4.38 - Use-After-Free in HTTP/2 Request Handling
Jun 11, 2019
CVSS 5.3
EPSS 0.09
CVE-2019-0220 MEDIUM
Apache HTTP Server <2.4.39 - Path Traversal
Jun 11, 2019
CVSS 5.3
EPSS 0.24
CVE-2019-0221 MEDIUM NUCLEI
Apache Tomcat 7.0.0-7.0.93 and 8.5.0-8.5.39 and 9.0.0.M1-9.0.0.17 - Cross-Site Scripting via SSI printenv Command
May 28, 2019
CVSS 6.1
EPSS 0.14
CVE-2019-0188 HIGH
Apache Camel < 2.24.0 - XML External Entity Injection in camel-xmljson Component
May 28, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-0201 MEDIUM
Apache ZooKeeper 1.0.0-3.4.13 and 3.5.0-alpha-3.5.4-beta - Unauthenticated Information Disclosure via getACL() Command
May 23, 2019
CVSS 5.9
EPSS 0.00
CVE-2019-10078 MEDIUM
Apache JSPWiki 2.9.0-2.11.0.M3 - Cross-Site Scripting via Plugin Link Invocation
May 20, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-10077 MEDIUM
Apache JSPWiki 2.9.0-2.11.0.M3 - Cross-Site Scripting via InterWiki Link
May 20, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-10076 MEDIUM
Apache JSPWiki 2.9.0-2.11.0.M3 - Stored Cross-Site Scripting via Malicious Attachment
May 20, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-0226 MEDIUM
Apache Karaf < 4.2.5 - Path Traversal and Arbitrary File Write via Config Service Install Method
May 09, 2019
CVSS 4.9
EPSS 0.02
CVE-2019-0227 HIGH
Apache Axis 1.4 - Server-Side Request Forgery
May 01, 2019
CVSS 7.5
EPSS 0.90
CVE-2019-0214 MEDIUM
Apache Archiva <2.2.3 - Path Traversal
Apr 30, 2019
CVSS 6.5
EPSS 0.02
CVE-2019-0213 MEDIUM
Apache Archiva < 2.2.4 - Stored Cross-Site Scripting via Logo URL Configuration
Apr 30, 2019
CVSS 6.5
EPSS 0.01
Products
http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 cxf 46 nifi 46 solr 46 cloudstack 45 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20
Quick Filters
Critical CVEs With Exploits In CISA KEV