apache

2,905 tracked vulnerabilities.

CVE-2017-7687 HIGH
Apache Mesos <1.1.3-1.4.0-dev - DoS
Sep 29, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-12621 CRITICAL
Apache Commons Jelly < 1.0.1 - XML External Entity Injection via Custom Doctype Entity
Sep 28, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-9804 HIGH
Apache Struts 2.3.7-2.3.33, 2.5-2.5.12 - DoS
Sep 20, 2017
CVSS 7.5
EPSS 0.05
CVE-2017-9793 HIGH
Apache Struts 2.1.x 2.3.7-2.3.33 2.5-2.5.12 - Denial of Service via Malicious XML Payload
Sep 20, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-12611 CRITICAL NUCLEI
Apache Struts 2.0.0-2.3.33 and 2.5-2.5.10.1 - Remote Code Execution via Freemarker Tag Expression
Sep 20, 2017
CVSS 9.8
EPSS 0.94
CVE-2017-12616 HIGH
Apache Tomcat 7.0.0-7.0.80 - Exposure of Sensitive Information via VirtualDirContext
Sep 19, 2017
CVSS 7.5
EPSS 0.91
CVE-2017-12615 HIGH KEVNUCLEI
Apache Tomcat 7.0.0-7.0.79 - Unauthenticated Remote Code Execution via JSP Upload
Sep 19, 2017
CVSS 8.1
EPSS 0.94
CVE-2017-9803 HIGH
Apache Solr 6.2.0-6.6.0 - Privilege Escalation via Kerberos Delegation Token Configuration
Sep 18, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-9798 HIGH
Apache httpd <2.4.28 - Use After Free
Sep 18, 2017
CVSS 7.5
EPSS 0.94
CVE-2017-9805 HIGH KEVNUCLEI
Apache Struts 2 REST Plugin XStream RCE
Sep 15, 2017
CVSS 8.1
EPSS 0.94
CVE-2017-3165 MEDIUM
Apache Brooklyn < 0.10.0 - Authenticated Stored Cross-Site Scripting
Sep 13, 2017
CVSS 5.4
EPSS 0.00
CVE-2017-12612 HIGH
Apache Spark 1.6.0-2.1.1 - Remote Code Execution via Launcher API Deserialization
Sep 13, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-3163 HIGH
Apache Solr < 5.5.4 and 6.0.0-6.4.0 - Path Traversal via Index Replication File Name
Aug 30, 2017
CVSS 7.5
EPSS 0.12
CVE-2017-3155 MEDIUM
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - Cross-Site Scripting
Aug 29, 2017
CVSS 6.1
EPSS 0.02
CVE-2017-3154 HIGH
Apache Atlas 0.6.0-incubating 0.7.0-incubating - Exposure of Sensitive Information via Error Stack Trace
Aug 29, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-3153 MEDIUM
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - Reflected Cross-Site Scripting in Search Functionality
Aug 29, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-3152 MEDIUM
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - DOM-Based Cross-Site Scripting in Edit-Tag Functionality
Aug 29, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-3151 MEDIUM
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - Stored Cross-Site Scripting in Edit-Tag Functionality
Aug 29, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-3150 MEDIUM
Apache Atlas 0.6.0-incubating and 0.7.0-incubating - Cross-Site Scripting via Cookie Access
Aug 29, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-9802 MEDIUM
Apache Sling Servlets Post <2.3.22 - XSS
Aug 14, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-9800 CRITICAL
Subversion <1.8.19, 1.9.x <1.9.7, 1.10.0.x <=1.10.0-alpha3 - RCE
Aug 11, 2017
CVSS 9.8
EPSS 0.59
CVE-2017-7675 HIGH
Apache Tomcat <9.0.0.M22, <8.5.16 - Path Traversal
Aug 11, 2017
CVSS 7.5
EPSS 0.04
CVE-2017-7674 MEDIUM
Apache Tomcat <9.0.0.M21,8.5.15,8.0.44,7.0.78 - Info Disclosure
Aug 11, 2017
CVSS 4.3
EPSS 0.06
CVE-2017-3156 HIGH
Apache CXF <3.0.13, <3.1.10 - Timing Attack
Aug 10, 2017
CVSS 7.5
EPSS 0.07
CVE-2017-9799 HIGH
Apache Storm <1.0.4-1.1.1 - Privilege Escalation
Aug 09, 2017
CVSS 8.8
EPSS 0.01
Products
http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 cxf 46 nifi 46 solr 46 cloudstack 45 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20
Quick Filters
Critical CVEs With Exploits In CISA KEV