apache

2,905 tracked vulnerabilities.

CVE-2018-1284 LOW
Apache Hive 0.6.0-2.3.2 - Unauthorized File Content Exposure via XPath UDFs
Apr 05, 2018
CVSS 3.7
EPSS 0.00
CVE-2018-1282 CRITICAL
Apache Hive JDBC Driver 0.7.1-2.3.2 - SQL Injection via PreparedStatement Argument Bypass
Apr 05, 2018
CVSS 9.1
EPSS 0.00
CVE-2018-1295 CRITICAL
Apache Ignite < 2.3.0 - Remote Code Execution via Untrusted Data Deserialization
Apr 02, 2018
CVSS 9.8
EPSS 0.06
CVE-2018-1327 HIGH
Apache Struts 2.1.1-2.5.14.1 and struts2-rest-plugin 2.1.1-2.5.16 - Denial of Service via Malicious XML Payload
Mar 27, 2018
CVSS 7.5
EPSS 0.06
CVE-2018-1312 CRITICAL
Apache HTTP Server 2.2.0-2.4.29 - Improper Authentication via Nonce Generation
Mar 26, 2018
CVSS 9.8
EPSS 0.07
CVE-2018-1303 HIGH
Debian Linux < 2.4.29 - Out-of-Bounds Read
Mar 26, 2018
CVSS 7.5
EPSS 0.35
CVE-2018-1302 MEDIUM
Apache HTTP Server < 2.4.30 - NULL Pointer Dereference in HTTP/2 Stream Handling
Mar 26, 2018
CVSS 5.9
EPSS 0.12
CVE-2018-1301 MEDIUM
Apache HTTP Server < 2.4.30 - Denial of Service via Crafted HTTP Header
Mar 26, 2018
CVSS 5.9
EPSS 0.07
CVE-2018-1283 MEDIUM
Apache httpd 2.4.0-2.4.29 - Info Disclosure
Mar 26, 2018
CVSS 5.3
EPSS 0.04
CVE-2018-1322 MEDIUM
Apache Syncope 1.2.0-1.2.10 - Information Disclosure via FIQL and ORDER BY Parameters
Mar 20, 2018
CVSS 4.9
EPSS 0.07
CVE-2018-1321 HIGH
Apache Syncope 1.2.0-1.2.10 - Authenticated Remote Code Execution via XSLT
Mar 20, 2018
CVSS 7.2
EPSS 0.06
CVE-2018-1294 HIGH
Apache Commons Email < 1.5 - Email Header Injection via Bounce Address
Mar 20, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-1324 MEDIUM
Apache Commons Compress 1.11-1.15 - Denial of Service via ZIP Extra Field Parser
Mar 16, 2018
CVSS 5.5
EPSS 0.02
CVE-2018-1319 MEDIUM
Apache Allura < 1.8.0 - HTTP Response Splitting via Crafted URL
Mar 15, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-1323 HIGH
Apache Tomcat JK Connector 1.2.0-1.2.42 - Path Traversal via IIS/ISAPI Request Path Normalization
Mar 12, 2018
CVSS 7.5
EPSS 0.38
CVE-2018-1316 HIGH
Apache ODE 1.1.1-1.3.2 - Path Traversal and Arbitrary File Write via Process Deployment Web Service
Mar 05, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-1304 MEDIUM
Apache Tomcat <9.0.5-7.0.85 - Info Disclosure
Feb 28, 2018
CVSS 5.9
EPSS 0.03
CVE-2018-1286 MEDIUM
Apache OpenMeetings 3.0.0-4.0.1 - Authenticated Denial of Service via Privileged User CRUD Operations
Feb 28, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-1305 MEDIUM
Apache Tomcat 7.0.0-9.0.4 - Privilege Escalation
Feb 23, 2018
CVSS 6.5
EPSS 0.22
CVE-2018-1287 CRITICAL
Apache JMeter <3.X - Code Injection
Feb 14, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-1297 CRITICAL
Apache JMeter 2.x-3.x - Unauthenticated Remote Code Execution via Unsecured RMI Connection
Feb 13, 2018
CVSS 9.8
EPSS 0.18
CVE-2018-1307 HIGH
Apache jUDDI 3.2-3.3.4 - XML External Entity Injection via WADL2Java or WSDL2Java
Feb 09, 2018
CVSS 8.1
EPSS 0.01
CVE-2018-1298 MEDIUM
Apache Qpid Broker-J 7.0.0 - Unauthenticated Denial of Service via PLAIN or XOAUTH2 SASL Mechanism
Feb 09, 2018
CVSS 5.9
EPSS 0.01
CVE-2018-1299 HIGH
Apache Allura < 1.8.0 - Unauthenticated Arbitrary File Read via Path Traversal
Feb 06, 2018
CVSS 7.5
EPSS 0.01
CVE-2017-15694 MEDIUM
Apache Geode <1.9.0 - Privilege Escalation
Jun 21, 2019
CVSS 6.5
EPSS 0.01
Products
http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 cxf 46 nifi 46 solr 46 cloudstack 45 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20
Quick Filters
Critical CVEs With Exploits In CISA KEV