apache
3,096 tracked vulnerabilities.
CVE-2018-1311
HIGH
Apache Xerces-C++ 3.0.0-3.2.3 - Use-After-Free in External DTD Scanning
Dec 18, 2019
CVSS 8.1
EPSS 0.10
CVE-2018-11805
MEDIUM
Apache SpamAssassin <3.4.3 - Code Injection
Dec 12, 2019
CVSS 6.7
EPSS 0.01
CVE-2018-11768
HIGH
Apache Hadoop 2.0.0-2.9.1, 3.0.0-3.0.3, 3.1.0-3.1.1 Memory Corruption
Oct 04, 2019
CVSS 7.5
EPSS 0.07
CVE-2018-11782
MEDIUM
Apache Subversion <= 1.9.10, 1.10.4, 1.12.0 - Denial of Service via Read-Only Request
Sep 26, 2019
CVSS 6.5
EPSS 0.02
CVE-2018-17200
CRITICAL
Apache OFBiz 16.11.01-16.11.05 - Remote Code Execution via XStream Deserialization in HTTP Service Endpoint
Sep 11, 2019
CVSS 9.8
EPSS 0.05
CVE-2018-11774
HIGH
Apache Virtual Computing Lab 2.1-2.5 - Authenticated SQL Injection
Jul 29, 2019
CVSS 7.2
EPSS 0.01
CVE-2018-11773
CRITICAL
Apache Virtual Computing Lab 2.1-2.5 - Improper Input Validation via Block Allocation Form
Jul 29, 2019
CVSS 9.8
EPSS 0.02
CVE-2018-11772
HIGH
Apache Virtual Computing Lab 2.1-2.5 - Authenticated SQL Injection via Privilege Tree Cookie
Jul 29, 2019
CVSS 7.2
EPSS 0.01
CVE-2018-11779
CRITICAL
Apache Storm 1.1.0-1.2.2 - Deserialization of Untrusted Data via Storm UI Daemon
Jul 26, 2019
CVSS 9.8
EPSS 0.03
CVE-2018-17196
HIGH
Apache Kafka 0.11.0.0-2.1.0 - Authenticated ACL Bypass via Crafted Produce Request
Jul 11, 2019
CVSS 8.8
EPSS 0.05
CVE-2018-11801
CRITICAL
Apache Fineract <1.3.0 - SQL Injection
Jun 11, 2019
CVSS 9.8
EPSS 0.05
CVE-2018-11800
CRITICAL
Apache Fineract <1.3.0 - SQL Injection
Jun 11, 2019
CVSS 9.8
EPSS 0.05
CVE-2018-8029
HIGH
Apache Hadoop <3.1.0, <2.9.1, <2.8.4 - Privilege Escalation
May 30, 2019
CVSS 8.8
EPSS 0.04
CVE-2018-17198
CRITICAL
Apache Roller < 5.1.2 - Server-Side Request Forgery via XML-RPC External Entity Processing
May 28, 2019
CVSS 9.8
EPSS 0.04
CVE-2018-17202
HIGH
Apache Commons Imaging and Sanselan - Denial of Service via Infinite Loop in Image Parsing
May 06, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-17201
HIGH
Apache Commons Imaging and Sanselan - Denial of Service via Malicious Image Parsing
May 06, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-8035
MEDIUM
Apache UIMA DUCC <= 2.2.2 - Stored Cross-Site Scripting
May 01, 2019
CVSS 6.1
EPSS 0.05
CVE-2018-1328
MEDIUM
Apache Zeppelin < 0.8.0 - Stored Cross-Site Scripting via Note Permissions
Apr 23, 2019
CVSS 6.1
EPSS 0.06
CVE-2018-1317
HIGH
Apache Zeppelin < 0.8.0 - Unauthenticated Arbitrary Paragraph Execution via Cron Scheduler
Apr 23, 2019
CVSS 8.8
EPSS 0.05
CVE-2018-11789
HIGH
Apache Heron 0.13.0-0.17.7 - Path Traversal via UI File Path Parameter
Mar 21, 2019
CVSS 7.5
EPSS 0.07
CVE-2018-11767
HIGH
Apache Hadoop 2.7.5-2.7.6, 2.8.3-2.8.4, 2.9.0-2.9.1 - Improper Privilege Management in KMS
Mar 21, 2019
CVSS 7.4
EPSS 0.04
CVE-2018-11783
HIGH
Apache Traffic Server 6.0.0-6.0.3 7.0.0-7.1.5 8.0.0-8.0.1 - Exposure of Sensitive Information via sslheaders Plugin
Mar 07, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-11793
HIGH
Apache Mesos < 1.4.3 - Denial of Service via JSON Parser Stack Overflow
Mar 05, 2019
CVSS 7.5
EPSS 0.05
CVE-2018-20244
MEDIUM
Apache Airflow < 1.10.2 - Stored Cross-Site Scripting via Metadata Database State Manipulation
Feb 27, 2019
CVSS 5.5
EPSS 0.02
CVE-2018-20242
MEDIUM
Apache JSPWiki < 2.10.5 - Cross-Site Scripting via Crafted URL
Feb 11, 2019
CVSS 6.1
EPSS 0.05
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters