apache

3,096 tracked vulnerabilities.

CVE-2018-1340 HIGH
Apache Guacamole < 1.0.0 - Unauthenticated Session Token Exposure via Insecure Cookie
Feb 07, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-1296 HIGH
Apache Hadoop 2.5.0-2.7.5 and 2.8.0-2.8.3 - Unauthorized Exposure of Extended Attributes
Feb 07, 2019
CVSS 7.5
EPSS 0.03
CVE-2018-11803 HIGH
Subversion's mod_dav_svn <1.11.0-1.10.3 - Use After Free
Feb 05, 2019
CVSS 7.5
EPSS 0.58
CVE-2018-11760 MEDIUM
PySpark <2.3.1 - Privilege Escalation
Feb 04, 2019
CVSS 5.5
EPSS 0.01
CVE-2018-11790 HIGH
Apache Open Office <4.1.5 - Memory Corruption
Jan 31, 2019
CVSS 7.8
EPSS 0.01
CVE-2018-17199 HIGH
Apache HTTP Server <2.4.38 - Info Disclosure
Jan 30, 2019
CVSS 7.5
EPSS 0.20
CVE-2018-17189 MEDIUM
Apache HTTP Server <= 2.4.37 - Denial of Service via Slow Loris HTTP/2 Request
Jan 30, 2019
CVSS 5.3
EPSS 0.19
CVE-2018-20245 HIGH
Apache Airflow <1.10.1 - Info Disclosure
Jan 23, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-1000421 MEDIUM
Jenkins Mesos Plugin <0.17.1 - Auth Bypass
Jan 09, 2019
CVSS 6.5
EPSS 0.01
CVE-2018-1000420 MEDIUM
Jenkins Mesos Plugin <0.17.1 - Auth Bypass
Jan 09, 2019
CVSS 6.5
EPSS 0.01
CVE-2018-1320 HIGH
Apache Thrift 0.5.0-0.11.0 - Improper Certificate Validation in SASL Negotiation
Jan 07, 2019
CVSS 7.5
EPSS 0.08
CVE-2018-11798 MEDIUM
Apache Thrift Node.js <0.11.0 - Path Traversal
Jan 07, 2019
CVSS 6.5
EPSS 0.05
CVE-2018-11788 CRITICAL
Apache Karaf < 4.1.7 and 4.2.0-4.2.2 - XML External Entity Injection via Features XML Deployer
Jan 07, 2019
CVSS 9.8
EPSS 0.07
CVE-2018-17188 HIGH
CouchDB <2.3.0 - Privilege Escalation
Jan 02, 2019
CVSS 7.2
EPSS 0.03
CVE-2018-17191 CRITICAL
Apache NetBeans (incubating) 9.0 - RCE
Dec 31, 2018
CVSS 9.8
EPSS 0.08
CVE-2018-17197 MEDIUM
Apache Tika <1.19.1 - Info Disclosure
Dec 24, 2018
CVSS 6.5
EPSS 0.06
CVE-2018-11799 MEDIUM
Apache Oozie <5.0.0 - Privilege Escalation
Dec 19, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-17195 HIGH
Apache NiFi 1.0.0-1.7.1 - Cross-Site Request Forgery via Template Upload API
Dec 19, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-17194 HIGH
Apache NiFi 1.0.0-1.7.1 - Denial of Service via DELETE Request Content-Length Handling
Dec 19, 2018
CVSS 7.5
EPSS 0.03
CVE-2018-17193 MEDIUM
Apache NiFi 1.0.0-1.7.1 - Reflected Cross-Site Scripting via X-ProxyContextPath Header
Dec 19, 2018
CVSS 6.1
EPSS 0.03
CVE-2018-17192 MEDIUM
Apache NiFi <1.8.0 - Info Disclosure
Dec 19, 2018
CVSS 6.5
EPSS 0.03
CVE-2018-8033 HIGH NUCLEI
Apache OFBiz 16.11.01-16.11.04 - Info Disclosure
Dec 13, 2018
CVSS 7.5
EPSS 0.26
CVE-2018-11766 HIGH
Apache Hadoop <2.7.7 - Privilege Escalation
Nov 27, 2018
CVSS 8.8
EPSS 0.03
CVE-2018-17190 CRITICAL
Apache Spark - Unauthenticated Remote Code Execution via Master Host
Nov 19, 2018
CVSS 9.8
EPSS 0.09
CVE-2018-8009 HIGH
Apache Hadoop Path Traversal via Zip Slip
Nov 13, 2018
CVSS 8.8
EPSS 0.08