apache
3,096 tracked vulnerabilities.
CVE-2018-11780
CRITICAL
Apache SpamAssassin < 3.4.2 - Remote Code Execution via PDFInfo Plugin
Sep 17, 2018
CVSS 9.8
EPSS 0.11
CVE-2018-1330
HIGH
Apache Mesos 1.4.0-1.5.0 - Denial of Service via Malformed JSON Payload
Sep 13, 2018
CVSS 7.5
EPSS 0.04
CVE-2018-11775
HIGH
Apache ActiveMQ < 5.15.6 - Improper Certificate Validation
Sep 10, 2018
CVSS 7.4
EPSS 0.07
CVE-2018-8040
MEDIUM
Apache Traffic Server <6.2.2, <7.1.3 - Info Disclosure
Aug 29, 2018
CVSS 5.3
EPSS 0.09
CVE-2018-8022
HIGH
Apache Traffic Server <6.2.2 - Use After Free
Aug 29, 2018
CVSS 7.5
EPSS 0.07
CVE-2018-8005
MEDIUM
Apache Traffic Server <6.2.2, <7.1.3 - Info Disclosure
Aug 29, 2018
CVSS 5.3
EPSS 0.07
CVE-2018-8004
MEDIUM
Apache Traffic Server <6.2.2, <7.1.3 - SSRF
Aug 29, 2018
CVSS 6.5
EPSS 0.06
CVE-2018-1318
HIGH
Apache Traffic Server 6.0.0-6.2.2 and 7.0.0-7.1.3 - Denial of Service via Method ACLs in remap.config
Aug 29, 2018
CVSS 7.5
EPSS 0.08
CVE-2018-8028
HIGH
Apache Sentry <2.0.1 - Privilege Escalation
Aug 23, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-11758
HIGH
Apache Cayenne < 3.1.3 - XML External Entity Injection in CayenneModeler
Aug 22, 2018
CVSS 8.1
EPSS 0.03
CVE-2018-11776
HIGH
KEVNUCLEI
Apache Struts 2 Namespace Redirect OGNL Injection
Aug 22, 2018
CVSS 8.1
EPSS 1.00
CVE-2018-11771
MEDIUM
Apache Commons Compress 1.7-1.17 - Denial of Service via Malformed ZIP Archive
Aug 16, 2018
CVSS 5.5
EPSS 0.05
CVE-2018-11770
MEDIUM
Apache Spark 1.3.0-2.3.3 - Unauthenticated Job Submission via REST API
Aug 13, 2018
CVSS 4.2
EPSS 0.66
CVE-2018-11769
HIGH
Apache CouchDB < 2.2.0 - Authenticated Privilege Escalation and Remote Code Execution via HTTP API Configuration Bypass
Aug 08, 2018
CVSS 7.2
EPSS 0.08
CVE-2018-8037
MEDIUM
Apache Tomcat 8.5.5-8.5.31 and 9.0.0.M9-9.0.9 - Information Disclosure via Race Condition
Aug 02, 2018
CVSS 5.9
EPSS 0.12
CVE-2018-1336
HIGH
Apache Tomcat 7.0.28-7.0.86, 8.0.0.RC1-8.0.51, 8.5.0-8.5.30, 9.0.0.M9-9.0.7 DoS via UTF-8 Decoder Infinite Loop
Aug 02, 2018
CVSS 7.5
EPSS 0.21
CVE-2018-8032
MEDIUM
Apache Axis <= 1.4 - Cross-Site Scripting in Default Servlet
Aug 02, 2018
CVSS 6.1
EPSS 0.11
CVE-2018-8034
HIGH
Apache Tomcat <9.0.10 - Info Disclosure
Aug 01, 2018
CVSS 7.5
EPSS 0.21
CVE-2018-8027
CRITICAL
Apache Camel 2.20.0-2.20.3 and 2.21.0 - XML External Entity Injection in XSD Validation Processor
Jul 31, 2018
CVSS 9.8
EPSS 0.06
CVE-2018-8020
HIGH
Apache Tomcat Native 1.2.0-1.2.16/1.1.23-1.1.34 - Info Disclosure
Jul 31, 2018
CVSS 7.4
EPSS 0.04
CVE-2018-8019
HIGH
Apache Tomcat Native 1.2.0-1.2.16, 1.1.23-1.1.34 - Info Disclosure
Jul 31, 2018
CVSS 7.4
EPSS 0.04
CVE-2018-1288
MEDIUM
Apache Kafka <1.0.0 - Privilege Escalation
Jul 26, 2018
CVSS 5.4
EPSS 0.05
CVE-2018-8031
MEDIUM
Apache TomEE < 7.0.5 - Cross-Site Scripting via Malicious URL
Jul 23, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-11757
CRITICAL
Docker Skeleton Runtime for Apache OpenWhisk <1.3.0 - Code Injection
Jul 23, 2018
CVSS 9.8
EPSS 0.07
CVE-2018-11756
CRITICAL
PHP Runtime for Apache OpenWhisk - Code Injection
Jul 23, 2018
CVSS 9.8
EPSS 0.08
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters