apache

3,096 tracked vulnerabilities.

CVE-2018-11780 CRITICAL
Apache SpamAssassin < 3.4.2 - Remote Code Execution via PDFInfo Plugin
Sep 17, 2018
CVSS 9.8
EPSS 0.11
CVE-2018-1330 HIGH
Apache Mesos 1.4.0-1.5.0 - Denial of Service via Malformed JSON Payload
Sep 13, 2018
CVSS 7.5
EPSS 0.04
CVE-2018-11775 HIGH
Apache ActiveMQ < 5.15.6 - Improper Certificate Validation
Sep 10, 2018
CVSS 7.4
EPSS 0.07
CVE-2018-8040 MEDIUM
Apache Traffic Server <6.2.2, <7.1.3 - Info Disclosure
Aug 29, 2018
CVSS 5.3
EPSS 0.09
CVE-2018-8022 HIGH
Apache Traffic Server <6.2.2 - Use After Free
Aug 29, 2018
CVSS 7.5
EPSS 0.07
CVE-2018-8005 MEDIUM
Apache Traffic Server <6.2.2, <7.1.3 - Info Disclosure
Aug 29, 2018
CVSS 5.3
EPSS 0.07
CVE-2018-8004 MEDIUM
Apache Traffic Server <6.2.2, <7.1.3 - SSRF
Aug 29, 2018
CVSS 6.5
EPSS 0.06
CVE-2018-1318 HIGH
Apache Traffic Server 6.0.0-6.2.2 and 7.0.0-7.1.3 - Denial of Service via Method ACLs in remap.config
Aug 29, 2018
CVSS 7.5
EPSS 0.08
CVE-2018-8028 HIGH
Apache Sentry <2.0.1 - Privilege Escalation
Aug 23, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-11758 HIGH
Apache Cayenne < 3.1.3 - XML External Entity Injection in CayenneModeler
Aug 22, 2018
CVSS 8.1
EPSS 0.03
CVE-2018-11776 HIGH KEVNUCLEI
Apache Struts 2 Namespace Redirect OGNL Injection
Aug 22, 2018
CVSS 8.1
EPSS 1.00
CVE-2018-11771 MEDIUM
Apache Commons Compress 1.7-1.17 - Denial of Service via Malformed ZIP Archive
Aug 16, 2018
CVSS 5.5
EPSS 0.05
CVE-2018-11770 MEDIUM
Apache Spark 1.3.0-2.3.3 - Unauthenticated Job Submission via REST API
Aug 13, 2018
CVSS 4.2
EPSS 0.66
CVE-2018-11769 HIGH
Apache CouchDB < 2.2.0 - Authenticated Privilege Escalation and Remote Code Execution via HTTP API Configuration Bypass
Aug 08, 2018
CVSS 7.2
EPSS 0.08
CVE-2018-8037 MEDIUM
Apache Tomcat 8.5.5-8.5.31 and 9.0.0.M9-9.0.9 - Information Disclosure via Race Condition
Aug 02, 2018
CVSS 5.9
EPSS 0.12
CVE-2018-1336 HIGH
Apache Tomcat 7.0.28-7.0.86, 8.0.0.RC1-8.0.51, 8.5.0-8.5.30, 9.0.0.M9-9.0.7 DoS via UTF-8 Decoder Infinite Loop
Aug 02, 2018
CVSS 7.5
EPSS 0.21
CVE-2018-8032 MEDIUM
Apache Axis <= 1.4 - Cross-Site Scripting in Default Servlet
Aug 02, 2018
CVSS 6.1
EPSS 0.11
CVE-2018-8034 HIGH
Apache Tomcat <9.0.10 - Info Disclosure
Aug 01, 2018
CVSS 7.5
EPSS 0.21
CVE-2018-8027 CRITICAL
Apache Camel 2.20.0-2.20.3 and 2.21.0 - XML External Entity Injection in XSD Validation Processor
Jul 31, 2018
CVSS 9.8
EPSS 0.06
CVE-2018-8020 HIGH
Apache Tomcat Native 1.2.0-1.2.16/1.1.23-1.1.34 - Info Disclosure
Jul 31, 2018
CVSS 7.4
EPSS 0.04
CVE-2018-8019 HIGH
Apache Tomcat Native 1.2.0-1.2.16, 1.1.23-1.1.34 - Info Disclosure
Jul 31, 2018
CVSS 7.4
EPSS 0.04
CVE-2018-1288 MEDIUM
Apache Kafka <1.0.0 - Privilege Escalation
Jul 26, 2018
CVSS 5.4
EPSS 0.05
CVE-2018-8031 MEDIUM
Apache TomEE < 7.0.5 - Cross-Site Scripting via Malicious URL
Jul 23, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-11757 CRITICAL
Docker Skeleton Runtime for Apache OpenWhisk <1.3.0 - Code Injection
Jul 23, 2018
CVSS 9.8
EPSS 0.07
CVE-2018-11756 CRITICAL
PHP Runtime for Apache OpenWhisk - Code Injection
Jul 23, 2018
CVSS 9.8
EPSS 0.08