apache
3,096 tracked vulnerabilities.
CVE-2018-8018
CRITICAL
Apache Ignite <2.4.8, <2.5.3 - Code Injection
Jul 20, 2018
CVSS 9.8
EPSS 0.07
CVE-2018-8042
HIGH
Apache Ambari <2.6.2 - Info Disclosure
Jul 18, 2018
CVSS 8.1
EPSS 0.02
CVE-2018-8011
HIGH
NUCLEI
Apache HTTP Server <2.4.34 - Use After Free
Jul 18, 2018
CVSS 7.5
EPSS 0.52
CVE-2018-8024
MEDIUM
NUCLEI
Apache Spark 2.1.0-2.1.2, 2.2.0-2.2.1, 2.3.0 - Cross-Site Scripting via Job and Stage Info Pages
Jul 12, 2018
CVSS 5.4
EPSS 0.05
CVE-2018-1334
MEDIUM
Apache Spark 1.0.0-2.1.2, 2.2.0-2.2.1, 2.3.0 - Unauthorized User Impersonation via Local Connection
Jul 12, 2018
CVSS 4.7
EPSS 0.01
CVE-2018-8007
HIGH
Apache CouchDB - Privilege Escalation
Jul 11, 2018
CVSS 7.2
EPSS 0.12
CVE-2018-1331
HIGH
Apache Storm <1.3 - Privilege Escalation
Jul 10, 2018
CVSS 8.8
EPSS 0.04
CVE-2018-1337
CRITICAL
Apache Directory LDAP API < 1.0.2 - Exposure of Sensitive Information via TLS Handshake Bypass
Jul 10, 2018
CVSS 9.8
EPSS 0.05
CVE-2018-8026
MEDIUM
Apache Solr 6.0.0-6.6.4 and 7.0.0-7.3.1 - XML External Entity Injection via Config File Upload
Jul 05, 2018
CVSS 5.5
EPSS 0.09
CVE-2018-8038
HIGH
Apache CXF Fediz <1.4.4 - Info Disclosure
Jul 05, 2018
CVSS 7.5
EPSS 0.11
CVE-2018-8036
MEDIUM
Apache PDFBox <2.0.11 - Memory Corruption
Jul 03, 2018
CVSS 6.5
EPSS 0.05
CVE-2018-8039
HIGH
Apache CXF < 3.1.16 and 3.2.0-3.2.5 - Improper TLS Hostname Verification
Jul 02, 2018
CVSS 8.1
EPSS 0.10
CVE-2018-8016
CRITICAL
Apache Cassandra 3.8-3.11.1 - Unauthenticated Remote Code Execution via JMX/RMI Interface
Jun 28, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-1306
HIGH
Apache Pluto 3.0.0 - Exposure of Sensitive Information via File Upload Path Disclosure
Jun 27, 2018
CVSS 7.5
EPSS 0.44
CVE-2018-8025
HIGH
Apache HBase - Privilege Escalation
Jun 27, 2018
CVSS 8.1
EPSS 0.02
CVE-2018-8030
HIGH
Apache Qpid Broker-J 7.0.0-7.0.4 - Denial of Service via Oversized AMQP Message
Jun 20, 2018
CVSS 7.5
EPSS 0.04
CVE-2018-1333
HIGH
Apache HTTP Server 2.4.18-2.4.30,2.4.33 - Denial of Service via HTTP/2 Request Handling
Jun 18, 2018
CVSS 7.5
EPSS 0.17
CVE-2018-1281
MEDIUM
Apache MXNet < 1.0.0 - Unintended Network Exposure via DMLC_PS_ROOT_URI Bypass
Jun 08, 2018
CVSS 6.5
EPSS 0.02
CVE-2018-8008
MEDIUM
Apache Storm <1.0.6, <1.2.1, <1.1.2 - Path Traversal
Jun 05, 2018
CVSS 5.5
EPSS 0.02
CVE-2018-1332
MEDIUM
Apache Storm < 1.0.6, 1.1.3, 1.2.1 - User Impersonation via Daemon Communication
Jun 05, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-8013
CRITICAL
Apache Batik 1.x -<1.10 - Deserialization
May 24, 2018
CVSS 9.8
EPSS 0.20
CVE-2018-1310
HIGH
Apache NiFi < 1.6.0 - Denial of Service via JMS Deserialization
May 23, 2018
CVSS 7.5
EPSS 0.03
CVE-2018-1309
CRITICAL
Apache NiFi < 1.6.0 - XML External Entity Injection in SplitXML Processor
May 23, 2018
CVSS 9.8
EPSS 0.05
CVE-2018-8012
HIGH
Apache ZooKeeper <3.4.10, <3.5.0-alpha-<3.5.3-beta - DoS
May 21, 2018
CVSS 7.5
EPSS 0.09
CVE-2018-8010
MEDIUM
Apache Solr 6.0.0-6.6.3 and 7.0.0-7.3.0 - XML External Entity Injection in Config Files
May 21, 2018
CVSS 5.5
EPSS 0.04
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters