apache
3,096 tracked vulnerabilities.
CVE-2018-1322
MEDIUM
Apache Syncope 1.2.0-1.2.10 - Information Disclosure via FIQL and ORDER BY Parameters
Mar 20, 2018
CVSS 4.9
EPSS 0.21
CVE-2018-1321
HIGH
Apache Syncope 1.2.0-1.2.10 - Authenticated Remote Code Execution via XSLT
Mar 20, 2018
CVSS 7.2
EPSS 0.18
CVE-2018-1294
HIGH
Apache Commons Email < 1.5 - Email Header Injection via Bounce Address
Mar 20, 2018
CVSS 7.5
EPSS 0.03
CVE-2018-1324
MEDIUM
Apache Commons Compress 1.11-1.15 - Denial of Service via ZIP Extra Field Parser
Mar 16, 2018
CVSS 5.5
EPSS 0.04
CVE-2018-1319
MEDIUM
Apache Allura < 1.8.0 - HTTP Response Splitting via Crafted URL
Mar 15, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-1323
HIGH
Apache Tomcat JK Connector 1.2.0-1.2.42 - Path Traversal via IIS/ISAPI Request Path Normalization
Mar 12, 2018
CVSS 7.5
EPSS 0.44
CVE-2018-1316
HIGH
Apache ODE 1.1.1-1.3.2 - Path Traversal and Arbitrary File Write via Process Deployment Web Service
Mar 05, 2018
CVSS 7.5
EPSS 0.03
CVE-2018-1304
MEDIUM
Apache Tomcat <9.0.5-7.0.85 - Info Disclosure
Feb 28, 2018
CVSS 5.9
EPSS 0.17
CVE-2018-1286
MEDIUM
Apache OpenMeetings 3.0.0-4.0.1 - Authenticated Denial of Service via Privileged User CRUD Operations
Feb 28, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-1305
MEDIUM
Apache Tomcat 7.0.0-9.0.4 - Privilege Escalation
Feb 23, 2018
CVSS 6.5
EPSS 0.15
CVE-2018-1287
CRITICAL
Apache JMeter <3.X - Code Injection
Feb 14, 2018
CVSS 9.8
EPSS 0.03
CVE-2018-1297
CRITICAL
Apache JMeter 2.x-3.x - Unauthenticated Remote Code Execution via Unsecured RMI Connection
Feb 13, 2018
CVSS 9.8
EPSS 0.10
CVE-2018-1307
HIGH
Apache jUDDI 3.2-3.3.4 - XML External Entity Injection via WADL2Java or WSDL2Java
Feb 09, 2018
CVSS 8.1
EPSS 0.02
CVE-2018-1298
MEDIUM
Apache Qpid Broker-J 7.0.0 - Unauthenticated Denial of Service via PLAIN or XOAUTH2 SASL Mechanism
Feb 09, 2018
CVSS 5.9
EPSS 0.02
CVE-2018-1299
HIGH
Apache Allura < 1.8.0 - Unauthenticated Arbitrary File Read via Path Traversal
Feb 06, 2018
CVSS 7.5
EPSS 0.03
CVE-2017-15694
MEDIUM
Apache Geode <1.9.0 - Privilege Escalation
Jun 21, 2019
CVSS 6.5
EPSS 0.02
CVE-2017-12619
HIGH
Apache Zeppelin <0.7.3 - Info Disclosure
Apr 23, 2019
CVSS 8.1
EPSS 0.05
CVE-2017-3164
HIGH
Apache Solr 1.3.0-7.6.0 - Server-Side Request Forgery via Shards Parameter
Mar 08, 2019
CVSS 7.5
EPSS 0.19
CVE-2017-17836
CRITICAL
Apache Airflow < 1.8.2 - Authenticated Credential Exposure via Experimental Feature
Jan 23, 2019
CVSS 9.8
EPSS 0.02
CVE-2017-17835
HIGH
Apache Airflow < 1.8.2 - Cross-Site Request Forgery
Jan 23, 2019
CVSS 8.8
EPSS 0.01
CVE-2017-15720
HIGH
Apache Airflow < 1.8.2 - Authenticated Remote Code Execution via Special Object Creation
Jan 23, 2019
CVSS 8.8
EPSS 0.02
CVE-2017-5658
MEDIUM
Apache Pony Mail 0.7-0.9 - Unauthenticated Exposure of Sensitive Information via Statistics Generator
Oct 04, 2018
CVSS 5.3
EPSS 0.02
CVE-2017-15705
MEDIUM
Apache SpamAssassin < 3.4.2 - Denial of Service via Unclosed HTML Tags
Sep 17, 2018
CVSS 5.3
EPSS 0.08
CVE-2017-12614
MEDIUM
Apache Airflow < 1.9.0 - Reflected Cross-Site Scripting in 404 Error Page
Aug 06, 2018
CVSS 6.1
EPSS 0.02
CVE-2017-12171
MEDIUM
Red Hat Enterprise Linux 6.9 - Info Disclosure
Jul 26, 2018
CVSS 6.5
EPSS 0.08
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters