apache

3,096 tracked vulnerabilities.

CVE-2018-8018 CRITICAL
Apache Ignite <2.4.8, <2.5.3 - Code Injection
Jul 20, 2018
CVSS 9.8
EPSS 0.07
CVE-2018-8042 HIGH
Apache Ambari <2.6.2 - Info Disclosure
Jul 18, 2018
CVSS 8.1
EPSS 0.02
CVE-2018-8011 HIGH NUCLEI
Apache HTTP Server <2.4.34 - Use After Free
Jul 18, 2018
CVSS 7.5
EPSS 0.52
CVE-2018-8024 MEDIUM NUCLEI
Apache Spark 2.1.0-2.1.2, 2.2.0-2.2.1, 2.3.0 - Cross-Site Scripting via Job and Stage Info Pages
Jul 12, 2018
CVSS 5.4
EPSS 0.05
CVE-2018-1334 MEDIUM
Apache Spark 1.0.0-2.1.2, 2.2.0-2.2.1, 2.3.0 - Unauthorized User Impersonation via Local Connection
Jul 12, 2018
CVSS 4.7
EPSS 0.01
CVE-2018-8007 HIGH
Apache CouchDB - Privilege Escalation
Jul 11, 2018
CVSS 7.2
EPSS 0.12
CVE-2018-1331 HIGH
Apache Storm <1.3 - Privilege Escalation
Jul 10, 2018
CVSS 8.8
EPSS 0.04
CVE-2018-1337 CRITICAL
Apache Directory LDAP API < 1.0.2 - Exposure of Sensitive Information via TLS Handshake Bypass
Jul 10, 2018
CVSS 9.8
EPSS 0.05
CVE-2018-8026 MEDIUM
Apache Solr 6.0.0-6.6.4 and 7.0.0-7.3.1 - XML External Entity Injection via Config File Upload
Jul 05, 2018
CVSS 5.5
EPSS 0.09
CVE-2018-8038 HIGH
Apache CXF Fediz <1.4.4 - Info Disclosure
Jul 05, 2018
CVSS 7.5
EPSS 0.11
CVE-2018-8036 MEDIUM
Apache PDFBox <2.0.11 - Memory Corruption
Jul 03, 2018
CVSS 6.5
EPSS 0.05
CVE-2018-8039 HIGH
Apache CXF < 3.1.16 and 3.2.0-3.2.5 - Improper TLS Hostname Verification
Jul 02, 2018
CVSS 8.1
EPSS 0.10
CVE-2018-8016 CRITICAL
Apache Cassandra 3.8-3.11.1 - Unauthenticated Remote Code Execution via JMX/RMI Interface
Jun 28, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-1306 HIGH
Apache Pluto 3.0.0 - Exposure of Sensitive Information via File Upload Path Disclosure
Jun 27, 2018
CVSS 7.5
EPSS 0.44
CVE-2018-8025 HIGH
Apache HBase - Privilege Escalation
Jun 27, 2018
CVSS 8.1
EPSS 0.02
CVE-2018-8030 HIGH
Apache Qpid Broker-J 7.0.0-7.0.4 - Denial of Service via Oversized AMQP Message
Jun 20, 2018
CVSS 7.5
EPSS 0.04
CVE-2018-1333 HIGH
Apache HTTP Server 2.4.18-2.4.30,2.4.33 - Denial of Service via HTTP/2 Request Handling
Jun 18, 2018
CVSS 7.5
EPSS 0.17
CVE-2018-1281 MEDIUM
Apache MXNet < 1.0.0 - Unintended Network Exposure via DMLC_PS_ROOT_URI Bypass
Jun 08, 2018
CVSS 6.5
EPSS 0.02
CVE-2018-8008 MEDIUM
Apache Storm <1.0.6, <1.2.1, <1.1.2 - Path Traversal
Jun 05, 2018
CVSS 5.5
EPSS 0.02
CVE-2018-1332 MEDIUM
Apache Storm < 1.0.6, 1.1.3, 1.2.1 - User Impersonation via Daemon Communication
Jun 05, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-8013 CRITICAL
Apache Batik 1.x -<1.10 - Deserialization
May 24, 2018
CVSS 9.8
EPSS 0.20
CVE-2018-1310 HIGH
Apache NiFi < 1.6.0 - Denial of Service via JMS Deserialization
May 23, 2018
CVSS 7.5
EPSS 0.03
CVE-2018-1309 CRITICAL
Apache NiFi < 1.6.0 - XML External Entity Injection in SplitXML Processor
May 23, 2018
CVSS 9.8
EPSS 0.05
CVE-2018-8012 HIGH
Apache ZooKeeper <3.4.10, <3.5.0-alpha-<3.5.3-beta - DoS
May 21, 2018
CVSS 7.5
EPSS 0.09
CVE-2018-8010 MEDIUM
Apache Solr 6.0.0-6.6.3 and 7.0.0-7.3.0 - XML External Entity Injection in Config Files
May 21, 2018
CVSS 5.5
EPSS 0.04