apache

2,905 tracked vulnerabilities.

CVE-2018-14889 HIGH
CouchDB - Local Code Execution
Sep 21, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-8023 MEDIUM
Apache Mesos <1.4.2, 1.5.0, 1.5.1, 1.6.0 - Timing Attack
Sep 21, 2018
CVSS 5.9
EPSS 0.01
CVE-2018-8017 MEDIUM
Apache Tika <1.19 - Info Disclosure
Sep 19, 2018
CVSS 5.5
EPSS 0.02
CVE-2018-11762 MEDIUM
Apache Tika 0.9-1.18 - Path Traversal via Embedded File with Absolute Path
Sep 19, 2018
CVSS 5.9
EPSS 0.01
CVE-2018-11761 HIGH
Apache Tika 0.1-1.18 - XML External Entity Injection
Sep 19, 2018
CVSS 7.5
EPSS 0.11
CVE-2018-11787 HIGH
Apache Karaf < 3.0.9 - Unauthenticated Remote Command Execution via Pax Web Extender Whiteboard
Sep 18, 2018
CVSS 8.1
EPSS 0.01
CVE-2018-11786 HIGH
Apache Karaf < 4.2.0 - Unauthenticated Arbitrary File Read and Write via SSH Console
Sep 18, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-8041 MEDIUM
Apache Camel's Mail <2.22.0 - Path Traversal
Sep 17, 2018
CVSS 5.3
EPSS 0.02
CVE-2018-11781 HIGH
Apache SpamAssassin < 3.4.2 - Local Code Injection via Meta Rule Syntax
Sep 17, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-11780 CRITICAL
Apache SpamAssassin < 3.4.2 - Remote Code Execution via PDFInfo Plugin
Sep 17, 2018
CVSS 9.8
EPSS 0.07
CVE-2018-1330 HIGH
Apache Mesos 1.4.0-1.5.0 - Denial of Service via Malformed JSON Payload
Sep 13, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-11775 HIGH
Apache ActiveMQ < 5.15.6 - Improper Certificate Validation
Sep 10, 2018
CVSS 7.4
EPSS 0.00
CVE-2018-8040 MEDIUM
Apache Traffic Server <6.2.2, <7.1.3 - Info Disclosure
Aug 29, 2018
CVSS 5.3
EPSS 0.08
CVE-2018-8022 HIGH
Apache Traffic Server <6.2.2 - Use After Free
Aug 29, 2018
CVSS 7.5
EPSS 0.06
CVE-2018-8005 MEDIUM
Apache Traffic Server <6.2.2, <7.1.3 - Info Disclosure
Aug 29, 2018
CVSS 5.3
EPSS 0.07
CVE-2018-8004 MEDIUM
Apache Traffic Server <6.2.2, <7.1.3 - SSRF
Aug 29, 2018
CVSS 6.5
EPSS 0.03
CVE-2018-1318 HIGH
Apache Traffic Server 6.0.0-6.2.2 and 7.0.0-7.1.3 - Denial of Service via Method ACLs in remap.config
Aug 29, 2018
CVSS 7.5
EPSS 0.15
CVE-2018-8028 HIGH
Apache Sentry <2.0.1 - Privilege Escalation
Aug 23, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-11758 HIGH
Apache Cayenne < 3.1.3 - XML External Entity Injection in CayenneModeler
Aug 22, 2018
CVSS 8.1
EPSS 0.00
CVE-2018-11776 HIGH KEVNUCLEI
Apache Struts 2 Namespace Redirect OGNL Injection
Aug 22, 2018
CVSS 8.1
EPSS 0.94
CVE-2018-11771 MEDIUM
Apache Commons Compress 1.7-1.17 - Denial of Service via Malformed ZIP Archive
Aug 16, 2018
CVSS 5.5
EPSS 0.01
CVE-2018-11770 MEDIUM
Apache Spark 1.3.0-2.3.3 - Unauthenticated Job Submission via REST API
Aug 13, 2018
CVSS 4.2
EPSS 0.89
CVE-2018-11769 HIGH
Apache CouchDB < 2.2.0 - Authenticated Privilege Escalation and Remote Code Execution via HTTP API Configuration Bypass
Aug 08, 2018
CVSS 7.2
EPSS 0.06
CVE-2018-8037 MEDIUM
Apache Tomcat 8.5.5-8.5.31 and 9.0.0.M9-9.0.9 - Information Disclosure via Race Condition
Aug 02, 2018
CVSS 5.9
EPSS 0.08
CVE-2018-1336 HIGH
Apache Tomcat 7.0.28-7.0.86, 8.0.0.RC1-8.0.51, 8.5.0-8.5.30, 9.0.0.M9-9.0.7 DoS via UTF-8 Decoder Infinite Loop
Aug 02, 2018
CVSS 7.5
EPSS 0.19
Products
http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 cxf 46 nifi 46 solr 46 cloudstack 45 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20
Quick Filters
Critical CVEs With Exploits In CISA KEV