apache
2,905 tracked vulnerabilities.
CVE-2017-12619
HIGH
Apache Zeppelin <0.7.3 - Info Disclosure
Apr 23, 2019
CVSS 8.1
EPSS 0.01
CVE-2017-3164
HIGH
Apache Solr 1.3.0-7.6.0 - Server-Side Request Forgery via Shards Parameter
Mar 08, 2019
CVSS 7.5
EPSS 0.60
CVE-2017-17836
CRITICAL
Apache Airflow < 1.8.2 - Authenticated Credential Exposure via Experimental Feature
Jan 23, 2019
CVSS 9.8
EPSS 0.00
CVE-2017-17835
HIGH
Apache Airflow < 1.8.2 - Cross-Site Request Forgery
Jan 23, 2019
CVSS 8.8
EPSS 0.00
CVE-2017-15720
HIGH
Apache Airflow < 1.8.2 - Authenticated Remote Code Execution via Special Object Creation
Jan 23, 2019
CVSS 8.8
EPSS 0.00
CVE-2017-5658
MEDIUM
Apache Pony Mail 0.7-0.9 - Unauthenticated Exposure of Sensitive Information via Statistics Generator
Oct 04, 2018
CVSS 5.3
EPSS 0.01
CVE-2017-15705
MEDIUM
Apache SpamAssassin < 3.4.2 - Denial of Service via Unclosed HTML Tags
Sep 17, 2018
CVSS 5.3
EPSS 0.02
CVE-2017-12614
MEDIUM
Apache Airflow < 1.9.0 - Reflected Cross-Site Scripting in 404 Error Page
Aug 06, 2018
CVSS 6.1
EPSS 0.02
CVE-2017-12171
MEDIUM
Red Hat Enterprise Linux 6.9 - Info Disclosure
Jul 26, 2018
CVSS 6.5
EPSS 0.02
CVE-2017-12610
MEDIUM
Apache Kafka 0.10.0.0-0.10.2.1 and 0.11.0.0-0.11.0.1 - Authenticated Impersonation via SASL/PLAIN or SASL/SCRAM
Jul 26, 2018
CVSS 6.8
EPSS 0.01
CVE-2017-15695
HIGH
Apache Geode 1.0.0-1.4.0 - Remote Code Execution via Internal Function Invocation
Jun 13, 2018
CVSS 8.8
EPSS 0.02
CVE-2017-15691
MEDIUM
Apache UIMA < 2.10.2 - XML External Entity Injection
Apr 26, 2018
CVSS 6.5
EPSS 0.01
CVE-2017-15715
HIGH
NUCLEI
Apache httpd <=2.4.29 - Arbitrary File Upload
Mar 26, 2018
CVSS 8.1
EPSS 0.94
CVE-2017-15710
HIGH
Apache HTTP Server 2.0.23-2.0.65, 2.2.0-2.2.34, 2.4.0-2.4.29 - Out-of-bounds Write in mod_authnz_ldap
Mar 26, 2018
CVSS 7.5
EPSS 0.12
CVE-2017-12174
HIGH
Apache ActiveMQ Artemis and HornetQ < 2.4.0 - Uncontrolled Resource Consumption via UDP Discovery
Mar 07, 2018
CVSS 7.5
EPSS 0.07
CVE-2017-12627
CRITICAL
Apache Xerces-C++ < 3.2.1 - Null Pointer Dereference via External DTD Path Processing
Mar 01, 2018
CVSS 9.8
EPSS 0.05
CVE-2017-7671
HIGH
Apache Traffic Server 5.2.0-5.3.2, 6.0.0-6.2.0, 7.0.0 - Denial of Service via TLS Handshake
Feb 27, 2018
CVSS 7.5
EPSS 0.04
CVE-2017-5660
HIGH
Apache Traffic Server <= 6.2.0 and <= 7.0.0 - Improper Input Validation via Host Header Line Folding
Feb 27, 2018
CVSS 8.6
EPSS 0.03
CVE-2017-15693
HIGH
Apache Geode < 1.4.0 - Remote Code Execution via Untrusted Data Deserialization
Feb 27, 2018
CVSS 7.5
EPSS 0.03
CVE-2017-15692
CRITICAL
Apache Geode < 1.4.0 - Remote Code Execution via TcpServer Deserialization
Feb 27, 2018
CVSS 9.8
EPSS 0.05
CVE-2017-15696
HIGH
Apache Geode 1.0.0-1.3.0 & geode-core 1.0.0-1.4.0 - Sensitive Info Exposure via Config Service
Feb 26, 2018
CVSS 7.5
EPSS 0.00
CVE-2017-15712
MEDIUM
Apache Oozie 3.1.3-4.3.0 and 5.0.0-beta1 - Path Traversal via Workflow XML File
Feb 19, 2018
CVSS 6.5
EPSS 0.01
CVE-2017-15699
MEDIUM
Apache Qpid Dispatch Router 0.7.0 and 0.8.0 - Denial of Service via Crafted AMQP Frame
Feb 13, 2018
CVSS 6.5
EPSS 0.02
CVE-2017-15709
LOW
Apache ActiveMQ 5.14.0-5.15.2 - Exposure of Sensitive System Information via OpenWire Protocol
Feb 13, 2018
CVSS 3.7
EPSS 0.66
CVE-2017-3160
HIGH
Apache Cordova < 6.1.2 - Unauthenticated Man-in-the-Middle Attack via Insecure Gradle Download
Feb 01, 2018
CVSS 7.4
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20