apache

3,096 tracked vulnerabilities.

CVE-2019-0202 HIGH
Apache Storm 0.9.1-incubating-1.2.2 - Unauthenticated Sensitive Information Exposure via Logviewer Endpoint
Jul 26, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-0234 MEDIUM
Apache Roller - Reflected Cross-Site Scripting in Math Comment Authenticator
Jul 15, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-10072 HIGH
Apache Tomcat <9.0.19, <8.5.40 - DoS
Jun 21, 2019
CVSS 7.5
EPSS 0.73
CVE-2019-10085 MEDIUM
Apache Allura < 1.11.0 - Stored Cross-Site Scripting in User Dropdown Selector
Jun 19, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-0197 MEDIUM
Apache HTTP Server 2.4.34-2.4.38 - Denial of Service via HTTP/2 Upgrade Request
Jun 11, 2019
CVSS 4.2
EPSS 0.08
CVE-2019-0196 MEDIUM
Apache HTTP Server 2.4.17-2.4.38 - Use-After-Free in HTTP/2 Request Handling
Jun 11, 2019
CVSS 5.3
EPSS 0.19
CVE-2019-0220 MEDIUM
Apache HTTP Server <2.4.39 - Path Traversal
Jun 11, 2019
CVSS 5.3
EPSS 0.18
CVE-2019-0221 MEDIUM NUCLEI
Apache Tomcat 7.0.0-7.0.93 and 8.5.0-8.5.39 and 9.0.0.M1-9.0.0.17 - Cross-Site Scripting via SSI printenv Command
May 28, 2019
CVSS 6.1
EPSS 0.46
CVE-2019-0188 HIGH
Apache Camel < 2.24.0 - XML External Entity Injection in camel-xmljson Component
May 28, 2019
CVSS 7.5
EPSS 0.08
CVE-2019-0201 MEDIUM
Apache ZooKeeper 1.0.0-3.4.13 and 3.5.0-alpha-3.5.4-beta - Unauthenticated Information Disclosure via getACL() Command
May 23, 2019
CVSS 5.9
EPSS 0.10
CVE-2019-10078 MEDIUM
Apache JSPWiki 2.9.0-2.11.0.M3 - Cross-Site Scripting via Plugin Link Invocation
May 20, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-10077 MEDIUM
Apache JSPWiki 2.9.0-2.11.0.M3 - Cross-Site Scripting via InterWiki Link
May 20, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-10076 MEDIUM
Apache JSPWiki 2.9.0-2.11.0.M3 - Stored Cross-Site Scripting via Malicious Attachment
May 20, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-0226 MEDIUM
Apache Karaf < 4.2.5 - Path Traversal and Arbitrary File Write via Config Service Install Method
May 09, 2019
CVSS 4.9
EPSS 0.02
CVE-2019-0227 HIGH
Apache Axis 1.4 - Server-Side Request Forgery
May 01, 2019
CVSS 7.5
EPSS 0.87
CVE-2019-0214 MEDIUM
Apache Archiva <2.2.3 - Path Traversal
Apr 30, 2019
CVSS 6.5
EPSS 0.05
CVE-2019-0213 MEDIUM
Apache Archiva < 2.2.4 - Stored Cross-Site Scripting via Logo URL Configuration
Apr 30, 2019
CVSS 6.5
EPSS 0.05
CVE-2019-0194 HIGH
Apache Camel 2.0.0-2.19.0 and 2.21.0-2.21.4 - Path Traversal
Apr 30, 2019
CVSS 7.5
EPSS 0.08
CVE-2019-0186 MEDIUM
Apache Pluto Chat Room Demo 3.0.0-3.0.1 - Cross-Site Scripting
Apr 26, 2019
CVSS 6.1
EPSS 0.21
CVE-2019-2684 MEDIUM
Oracle JDK and JRE - Unauthenticated Data Manipulation via RMI
Apr 23, 2019
CVSS 5.9
EPSS 0.38
CVE-2019-0223 HIGH
Apache Qpid 0.9-0.27.0 - Unauthenticated TLS Peer Certificate Verification Bypass
Apr 23, 2019
CVSS 7.4
EPSS 0.06
CVE-2019-0218 MEDIUM
Apache Pony Mail 0.8-0.9 - Reflected Cross-Site Scripting via Crafted URL
Apr 22, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-10241 MEDIUM
Eclipse Jetty <= 9.2.26, <= 9.3.25, <= 9.4.15 - Cross-Site Scripting via Directory Listing
Apr 22, 2019
CVSS 6.1
EPSS 0.10
CVE-2019-0228 CRITICAL
Apache PDFBox 2.0.14 - XML External Entity Injection via XFDF
Apr 17, 2019
CVSS 9.8
EPSS 0.09
CVE-2019-0232 HIGH NUCLEI
Apache Tomcat 7.0.0-7.0.93, 8.5.0-8.5.39, 9.0.0.M1-9.0.17 - Remote Code Execution via CGI Servlet
Apr 15, 2019
CVSS 8.1
EPSS 1.00