apache

2,905 tracked vulnerabilities.

CVE-2018-8032 MEDIUM
Apache Axis <= 1.4 - Cross-Site Scripting in Default Servlet
Aug 02, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-8034 HIGH
Apache Tomcat <9.0.10 - Info Disclosure
Aug 01, 2018
CVSS 7.5
EPSS 0.12
CVE-2018-8027 CRITICAL
Apache Camel 2.20.0-2.20.3 and 2.21.0 - XML External Entity Injection in XSD Validation Processor
Jul 31, 2018
CVSS 9.8
EPSS 0.03
CVE-2018-8020 HIGH
Apache Tomcat Native 1.2.0-1.2.16/1.1.23-1.1.34 - Info Disclosure
Jul 31, 2018
CVSS 7.4
EPSS 0.02
CVE-2018-8019 HIGH
Apache Tomcat Native 1.2.0-1.2.16, 1.1.23-1.1.34 - Info Disclosure
Jul 31, 2018
CVSS 7.4
EPSS 0.01
CVE-2018-1288 MEDIUM
Apache Kafka <1.0.0 - Privilege Escalation
Jul 26, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-8031 MEDIUM
Apache TomEE < 7.0.5 - Cross-Site Scripting via Malicious URL
Jul 23, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-11757 CRITICAL
Docker Skeleton Runtime for Apache OpenWhisk <1.3.0 - Code Injection
Jul 23, 2018
CVSS 9.8
EPSS 0.03
CVE-2018-11756 CRITICAL
PHP Runtime for Apache OpenWhisk - Code Injection
Jul 23, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-8018 CRITICAL
Apache Ignite <2.4.8, <2.5.3 - Code Injection
Jul 20, 2018
CVSS 9.8
EPSS 0.04
CVE-2018-8042 HIGH
Apache Ambari <2.6.2 - Info Disclosure
Jul 18, 2018
CVSS 8.1
EPSS 0.01
CVE-2018-8011 HIGH NUCLEI
Apache HTTP Server <2.4.34 - Use After Free
Jul 18, 2018
CVSS 7.5
EPSS 0.78
CVE-2018-8024 MEDIUM NUCLEI
Apache Spark 2.1.0-2.1.2, 2.2.0-2.2.1, 2.3.0 - Cross-Site Scripting via Job and Stage Info Pages
Jul 12, 2018
CVSS 5.4
EPSS 0.61
CVE-2018-1334 MEDIUM
Apache Spark 1.0.0-2.1.2, 2.2.0-2.2.1, 2.3.0 - Unauthorized User Impersonation via Local Connection
Jul 12, 2018
CVSS 4.7
EPSS 0.00
CVE-2018-8007 HIGH
Apache CouchDB - Privilege Escalation
Jul 11, 2018
CVSS 7.2
EPSS 0.18
CVE-2018-1331 HIGH
Apache Storm <1.3 - Privilege Escalation
Jul 10, 2018
CVSS 8.8
EPSS 0.05
CVE-2018-1337 CRITICAL
Apache Directory LDAP API < 1.0.2 - Exposure of Sensitive Information via TLS Handshake Bypass
Jul 10, 2018
CVSS 9.8
EPSS 0.03
CVE-2018-8026 MEDIUM
Apache Solr 6.0.0-6.6.4 and 7.0.0-7.3.1 - XML External Entity Injection via Config File Upload
Jul 05, 2018
CVSS 5.5
EPSS 0.04
CVE-2018-8038 HIGH
Apache CXF Fediz <1.4.4 - Info Disclosure
Jul 05, 2018
CVSS 7.5
EPSS 0.50
CVE-2018-8036 MEDIUM
Apache PDFBox <2.0.11 - Memory Corruption
Jul 03, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-8039 HIGH
Apache CXF < 3.1.16 and 3.2.0-3.2.5 - Improper TLS Hostname Verification
Jul 02, 2018
CVSS 8.1
EPSS 0.03
CVE-2018-8016 CRITICAL
Apache Cassandra 3.8-3.11.1 - Unauthenticated Remote Code Execution via JMX/RMI Interface
Jun 28, 2018
CVSS 9.8
EPSS 0.01
CVE-2018-1306 HIGH
Apache Pluto 3.0.0 - Exposure of Sensitive Information via File Upload Path Disclosure
Jun 27, 2018
CVSS 7.5
EPSS 0.69
CVE-2018-8025 HIGH
Apache HBase - Privilege Escalation
Jun 27, 2018
CVSS 8.1
EPSS 0.01
CVE-2018-8030 HIGH
Apache Qpid Broker-J 7.0.0-7.0.4 - Denial of Service via Oversized AMQP Message
Jun 20, 2018
CVSS 7.5
EPSS 0.01
Products
http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 cxf 46 nifi 46 solr 46 cloudstack 45 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20
Quick Filters
Critical CVEs With Exploits In CISA KEV