apache
2,904 tracked vulnerabilities.
CVE-2018-1328
MEDIUM
Apache Zeppelin < 0.8.0 - Stored Cross-Site Scripting via Note Permissions
Apr 23, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-1317
HIGH
Apache Zeppelin < 0.8.0 - Unauthenticated Arbitrary Paragraph Execution via Cron Scheduler
Apr 23, 2019
CVSS 8.8
EPSS 0.03
CVE-2018-11789
HIGH
Apache Heron 0.13.0-0.17.7 - Path Traversal via UI File Path Parameter
Mar 21, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-11767
HIGH
Apache Hadoop 2.7.5-2.7.6, 2.8.3-2.8.4, 2.9.0-2.9.1 - Improper Privilege Management in KMS
Mar 21, 2019
CVSS 7.4
EPSS 0.02
CVE-2018-11783
HIGH
Apache Traffic Server 6.0.0-6.0.3, 7.0.0-7.1.5, 8.0.0-8.0.1 - Exposure of Sensitive Information via sslheaders Plugin
Mar 07, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-11793
HIGH
Apache Mesos < 1.4.3 - Denial of Service via JSON Parser Stack Overflow
Mar 05, 2019
CVSS 7.5
EPSS 0.05
CVE-2018-20244
MEDIUM
Apache Airflow < 1.10.2 - Stored Cross-Site Scripting via Metadata Database State Manipulation
Feb 27, 2019
CVSS 5.5
EPSS 0.01
CVE-2018-20242
MEDIUM
Apache JSPWiki < 2.10.5 - Cross-Site Scripting via Crafted URL
Feb 11, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-1340
HIGH
Apache Guacamole < 1.0.0 - Unauthenticated Session Token Exposure via Insecure Cookie
Feb 07, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-1296
HIGH
Apache Hadoop 2.5.0-2.7.5 and 2.8.0-2.8.3 - Unauthorized Exposure of Extended Attributes
Feb 07, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-11803
HIGH
Subversion's mod_dav_svn <1.11.0-1.10.3 - Use After Free
Feb 05, 2019
CVSS 7.5
EPSS 0.07
CVE-2018-11760
MEDIUM
PySpark <2.3.1 - Privilege Escalation
Feb 04, 2019
CVSS 5.5
EPSS 0.00
CVE-2018-11790
HIGH
Apache OpenOffice <4.1.5 - Memory Corruption
Jan 31, 2019
CVSS 7.8
EPSS 0.01
CVE-2018-17199
HIGH
Apache HTTP Server <2.4.38 - Info Disclosure
Jan 30, 2019
CVSS 7.5
EPSS 0.10
CVE-2018-17189
MEDIUM
Apache HTTP Server <= 2.4.37 - Denial of Service via Slow Loris HTTP/2 Request
Jan 30, 2019
CVSS 5.3
EPSS 0.08
CVE-2018-20245
HIGH
Apache Airflow <1.10.1 - Info Disclosure
Jan 23, 2019
CVSS 7.5
EPSS 0.00
CVE-2018-1000421
MEDIUM
Jenkins Mesos Plugin <0.17.1 - Auth Bypass
Jan 09, 2019
CVSS 6.5
EPSS 0.00
CVE-2018-1000420
MEDIUM
Jenkins Mesos Plugin <0.17.1 - Auth Bypass
Jan 09, 2019
CVSS 6.5
EPSS 0.00
CVE-2018-1320
HIGH
Apache Thrift 0.5.0-0.11.0 - Improper Certificate Validation in SASL Negotiation
Jan 07, 2019
CVSS 7.5
EPSS 0.00
CVE-2018-11798
MEDIUM
Apache Thrift Node.js <0.11.0 - Path Traversal
Jan 07, 2019
CVSS 6.5
EPSS 0.00
CVE-2018-11788
CRITICAL
Apache Karaf < 4.1.7 and 4.2.0-4.2.2 - XML External Entity Injection via Features XML Deployer
Jan 07, 2019
CVSS 9.8
EPSS 0.25
CVE-2018-17188
HIGH
CouchDB <2.3.0 - Privilege Escalation
Jan 02, 2019
CVSS 7.2
EPSS 0.01
CVE-2018-17191
CRITICAL
Apache NetBeans (incubating) 9.0 - RCE
Dec 31, 2018
CVSS 9.8
EPSS 0.03
CVE-2018-17197
MEDIUM
Apache Tika <1.19.1 - Info Disclosure
Dec 24, 2018
CVSS 6.5
EPSS 0.03
CVE-2018-11799
MEDIUM
Apache Oozie <5.0.0 - Privilege Escalation
Dec 19, 2018
CVSS 6.5
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20