apache

2,905 tracked vulnerabilities.

CVE-2018-1333 HIGH
Apache HTTP Server 2.4.18-2.4.30,2.4.33 - Denial of Service via HTTP/2 Request Handling
Jun 18, 2018
CVSS 7.5
EPSS 0.21
CVE-2018-1281 MEDIUM
Apache MXNet < 1.0.0 - Unintended Network Exposure via DMLC_PS_ROOT_URI Bypass
Jun 08, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8008 MEDIUM
Apache Storm <1.0.6, <1.2.1, <1.1.2 - Path Traversal
Jun 05, 2018
CVSS 5.5
EPSS 0.15
CVE-2018-1332 MEDIUM
Apache Storm < 1.0.6, 1.1.3, 1.2.1 - User Impersonation via Daemon Communication
Jun 05, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8013 CRITICAL
Apache Batik 1.x -<1.10 - Deserialization
May 24, 2018
CVSS 9.8
EPSS 0.01
CVE-2018-1310 HIGH
Apache NiFi < 1.6.0 - Denial of Service via JMS Deserialization
May 23, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-1309 CRITICAL
Apache NiFi < 1.6.0 - XML External Entity Injection in SplitXML Processor
May 23, 2018
CVSS 9.8
EPSS 0.04
CVE-2018-8012 HIGH
Apache ZooKeeper <3.4.10, <3.5.0-alpha-<3.5.3-beta - DoS
May 21, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-8010 MEDIUM
Apache Solr 6.0.0-6.6.3 and 7.0.0-7.3.0 - XML External Entity Injection in Config Files
May 21, 2018
CVSS 5.5
EPSS 0.02
CVE-2018-8015 HIGH
Apache ORC 1.0.0-1.4.3 - Uncontrolled Recursion via Malformed ORC File
May 18, 2018
CVSS 7.5
EPSS 0.04
CVE-2018-8014 CRITICAL
Apache Tomcat 9.0.0.M1-9.0.8, 8.5.0-8.5.31, 8.0.0.RC1-8.0.52, 7.0.4...
May 16, 2018
CVSS 9.8
EPSS 0.61
CVE-2018-1313 MEDIUM
Apache Derby 10.3.1.4-10.14.1.0 - Info Disclosure
May 07, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-8003 MEDIUM
Apache Ambari <2.6.1 - Path Traversal
May 03, 2018
CVSS 5.3
EPSS 0.02
CVE-2018-10583 HIGH
LibreOffice 6.0.3 - Apache OpenOffice Writer 4.1.5 - Info Disclosure
May 01, 2018
CVSS 7.5
EPSS 0.72
CVE-2018-1339 MEDIUM
Apache Tika < 1.18 - Denial of Service via Infinite Loop in ChmParser
Apr 25, 2018
CVSS 5.5
EPSS 0.05
CVE-2018-1338 MEDIUM
Apache Tika < 1.18 - Denial of Service via Infinite Loop in BPGParser
Apr 25, 2018
CVSS 5.5
EPSS 0.03
CVE-2018-1335 HIGH NUCLEI
Apache Tika <1.18 - Command Injection
Apr 25, 2018
CVSS 8.1
EPSS 0.94
CVE-2018-1292 HIGH
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating - SQL Injection via Report Name Parameter
Apr 20, 2018
CVSS 8.1
EPSS 0.01
CVE-2018-1291 HIGH
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating - SQL Injection via OrderBy Query Parameter
Apr 20, 2018
CVSS 8.1
EPSS 0.00
CVE-2018-1290 CRITICAL
Apache Fineract - SQL Injection via Single Quotation Escape in Audit and Makerchecker API Methods
Apr 20, 2018
CVSS 9.8
EPSS 0.01
CVE-2018-1289 HIGH
Apache Fineract SQL Injection via orderBy/sortOrder Parameters
Apr 20, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-2799 MEDIUM
Oracle JDK and JRE - Unauthenticated Partial Denial of Service in JAXP
Apr 19, 2018
CVSS 5.3
EPSS 0.00
CVE-2018-1273 CRITICAL KEVNUCLEI
Spring Data Commons < 1.13.11 - Unauthenticated Remote Code Execution via Property Binder
Apr 11, 2018
CVSS 9.8
EPSS 0.94
CVE-2018-1308 HIGH
Apache Solr 1.2-6.6.2 and 7.0.0-7.2.1 - XML External Entity Injection via DataImportHandler Inline XML Parameter
Apr 09, 2018
CVSS 7.5
EPSS 0.04
CVE-2018-1315 LOW
Apache Hive 2.1.0-2.3.2 - Arbitrary File Write via HPL/SQL COPY FROM FTP Statement
Apr 05, 2018
CVSS 3.7
EPSS 0.01
Products
http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 cxf 46 nifi 46 solr 46 cloudstack 45 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20
Quick Filters
Critical CVEs With Exploits In CISA KEV