apache

3,096 tracked vulnerabilities.

CVE-2018-1311 HIGH
Apache Xerces-C++ 3.0.0-3.2.3 - Use-After-Free in External DTD Scanning
Dec 18, 2019
CVSS 8.1
EPSS 0.10
CVE-2018-11805 MEDIUM
Apache SpamAssassin <3.4.3 - Code Injection
Dec 12, 2019
CVSS 6.7
EPSS 0.01
CVE-2018-11768 HIGH
Apache Hadoop 2.0.0-2.9.1, 3.0.0-3.0.3, 3.1.0-3.1.1 Memory Corruption
Oct 04, 2019
CVSS 7.5
EPSS 0.07
CVE-2018-11782 MEDIUM
Apache Subversion <= 1.9.10, 1.10.4, 1.12.0 - Denial of Service via Read-Only Request
Sep 26, 2019
CVSS 6.5
EPSS 0.02
CVE-2018-17200 CRITICAL
Apache OFBiz 16.11.01-16.11.05 - Remote Code Execution via XStream Deserialization in HTTP Service Endpoint
Sep 11, 2019
CVSS 9.8
EPSS 0.05
CVE-2018-11774 HIGH
Apache Virtual Computing Lab 2.1-2.5 - Authenticated SQL Injection
Jul 29, 2019
CVSS 7.2
EPSS 0.01
CVE-2018-11773 CRITICAL
Apache Virtual Computing Lab 2.1-2.5 - Improper Input Validation via Block Allocation Form
Jul 29, 2019
CVSS 9.8
EPSS 0.02
CVE-2018-11772 HIGH
Apache Virtual Computing Lab 2.1-2.5 - Authenticated SQL Injection via Privilege Tree Cookie
Jul 29, 2019
CVSS 7.2
EPSS 0.01
CVE-2018-11779 CRITICAL
Apache Storm 1.1.0-1.2.2 - Deserialization of Untrusted Data via Storm UI Daemon
Jul 26, 2019
CVSS 9.8
EPSS 0.03
CVE-2018-17196 HIGH
Apache Kafka 0.11.0.0-2.1.0 - Authenticated ACL Bypass via Crafted Produce Request
Jul 11, 2019
CVSS 8.8
EPSS 0.05
CVE-2018-11801 CRITICAL
Apache Fineract <1.3.0 - SQL Injection
Jun 11, 2019
CVSS 9.8
EPSS 0.05
CVE-2018-11800 CRITICAL
Apache Fineract <1.3.0 - SQL Injection
Jun 11, 2019
CVSS 9.8
EPSS 0.05
CVE-2018-8029 HIGH
Apache Hadoop <3.1.0, <2.9.1, <2.8.4 - Privilege Escalation
May 30, 2019
CVSS 8.8
EPSS 0.04
CVE-2018-17198 CRITICAL
Apache Roller < 5.1.2 - Server-Side Request Forgery via XML-RPC External Entity Processing
May 28, 2019
CVSS 9.8
EPSS 0.04
CVE-2018-17202 HIGH
Apache Commons Imaging and Sanselan - Denial of Service via Infinite Loop in Image Parsing
May 06, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-17201 HIGH
Apache Commons Imaging and Sanselan - Denial of Service via Malicious Image Parsing
May 06, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-8035 MEDIUM
Apache UIMA DUCC <= 2.2.2 - Stored Cross-Site Scripting
May 01, 2019
CVSS 6.1
EPSS 0.05
CVE-2018-1328 MEDIUM
Apache Zeppelin < 0.8.0 - Stored Cross-Site Scripting via Note Permissions
Apr 23, 2019
CVSS 6.1
EPSS 0.06
CVE-2018-1317 HIGH
Apache Zeppelin < 0.8.0 - Unauthenticated Arbitrary Paragraph Execution via Cron Scheduler
Apr 23, 2019
CVSS 8.8
EPSS 0.05
CVE-2018-11789 HIGH
Apache Heron 0.13.0-0.17.7 - Path Traversal via UI File Path Parameter
Mar 21, 2019
CVSS 7.5
EPSS 0.07
CVE-2018-11767 HIGH
Apache Hadoop 2.7.5-2.7.6, 2.8.3-2.8.4, 2.9.0-2.9.1 - Improper Privilege Management in KMS
Mar 21, 2019
CVSS 7.4
EPSS 0.04
CVE-2018-11783 HIGH
Apache Traffic Server 6.0.0-6.0.3 7.0.0-7.1.5 8.0.0-8.0.1 - Exposure of Sensitive Information via sslheaders Plugin
Mar 07, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-11793 HIGH
Apache Mesos < 1.4.3 - Denial of Service via JSON Parser Stack Overflow
Mar 05, 2019
CVSS 7.5
EPSS 0.05
CVE-2018-20244 MEDIUM
Apache Airflow < 1.10.2 - Stored Cross-Site Scripting via Metadata Database State Manipulation
Feb 27, 2019
CVSS 5.5
EPSS 0.02
CVE-2018-20242 MEDIUM
Apache JSPWiki < 2.10.5 - Cross-Site Scripting via Crafted URL
Feb 11, 2019
CVSS 6.1
EPSS 0.05