apache
3,096 tracked vulnerabilities.
CVE-2018-17187
HIGH
Apache Qpid Proton-J 0.3-0.29.0 - Improper Certificate Validation in TLS Transport Wrapper
Nov 13, 2018
CVSS 7.4
EPSS 0.03
CVE-2018-1314
MEDIUM
Apache Hive < 2.3.3 and 3.1.0 - Missing Authorization for EXPLAIN Operation
Nov 08, 2018
CVSS 4.3
EPSS 0.02
CVE-2018-11777
HIGH
Apache Hive <2.3.3, <3.1.0 - Info Disclosure
Nov 08, 2018
CVSS 8.1
EPSS 0.02
CVE-2018-8021
CRITICAL
Apache Superset < 0.23 - Remote Code Execution via Pickle Deserialization
Nov 07, 2018
CVSS 9.8
EPSS 0.54
CVE-2018-17186
HIGH
Apache Syncope - XML External Entity Injection
Nov 06, 2018
CVSS 7.2
EPSS 0.02
CVE-2018-17184
MEDIUM
Apache Syncope - Stored Cross-Site Scripting
Nov 06, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-11759
HIGH
NUCLEI
Apache Tomcat JK Connector 1.2.0-1.2.44 - Path Traversal via Request Path Normalization
Oct 31, 2018
CVSS 7.5
EPSS 0.91
CVE-2018-11792
CRITICAL
Apache Impala < 3.0.1 - Incorrect Permission Assignment for Critical Resource
Oct 24, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-11785
MEDIUM
Apache Impala < 3.0.1 - Missing Authorization Check
Oct 24, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-11804
HIGH
Apache Spark 1.3.0-2.2.3 - Information Disclosure via Zinc Server
Oct 24, 2018
CVSS 7.5
EPSS 0.06
CVE-2018-8006
MEDIUM
NUCLEI
Apache ActiveMQ 5.0.0-5.15.5 - Cross-Site Scripting via QueueFilter Parameter
Oct 10, 2018
CVSS 6.1
EPSS 0.57
CVE-2018-11796
HIGH
Apache Tika 0.1-1.19 - XML External Entity Injection via SAXParser Reset
Oct 09, 2018
CVSS 7.5
EPSS 0.07
CVE-2018-11797
MEDIUM
Apache PDFBox 1.8.0-1.8.15 and 2.0.0RC1-2.0.11 - Denial of Service via Page Tree Parsing
Oct 05, 2018
CVSS 5.5
EPSS 0.04
CVE-2018-11778
HIGH
Apache Ranger < 1.2.0 - Stack-based Buffer Overflow in UnixAuthenticationService
Oct 05, 2018
CVSS 8.8
EPSS 0.04
CVE-2018-11784
MEDIUM
NUCLEI
Apache Tomcat 7.0.23-7.0.90, 8.5.0-8.5.33, 9.0.0.M1-9.0.11 - Open Redirect via Default Servlet
Oct 04, 2018
CVSS 4.3
EPSS 0.94
CVE-2018-11763
MEDIUM
Apache HTTP Server 2.4.17-2.4.34 - DoS
Sep 25, 2018
CVSS 5.9
EPSS 0.51
CVE-2018-14889
HIGH
CouchDB - Local Code Execution
Sep 21, 2018
CVSS 7.8
EPSS 0.01
CVE-2018-8023
MEDIUM
Apache Mesos <1.4.2, 1.5.0, 1.5.1, 1.6.0 - Timing Attack
Sep 21, 2018
CVSS 5.9
EPSS 0.03
CVE-2018-8017
MEDIUM
Apache Tika <1.19 - Info Disclosure
Sep 19, 2018
CVSS 5.5
EPSS 0.03
CVE-2018-11762
MEDIUM
Apache Tika 0.9-1.18 - Path Traversal via Embedded File with Absolute Path
Sep 19, 2018
CVSS 5.9
EPSS 0.05
CVE-2018-11761
HIGH
Apache Tika 0.1-1.18 - XML External Entity Injection
Sep 19, 2018
CVSS 7.5
EPSS 0.10
CVE-2018-11787
HIGH
Apache Karaf < 3.0.9 - Unauthenticated Remote Command Execution via Pax Web Extender Whiteboard
Sep 18, 2018
CVSS 8.1
EPSS 0.03
CVE-2018-11786
HIGH
Apache Karaf < 4.2.0 - Unauthenticated Arbitrary File Read and Write via SSH Console
Sep 18, 2018
CVSS 8.8
EPSS 0.02
CVE-2018-8041
MEDIUM
Apache Camel's Mail <2.22.0 - Path Traversal
Sep 17, 2018
CVSS 5.3
EPSS 0.10
CVE-2018-11781
HIGH
Apache SpamAssassin < 3.4.2 - Local Code Injection via Meta Rule Syntax
Sep 17, 2018
CVSS 7.8
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters