apache

3,096 tracked vulnerabilities.

CVE-2018-1322 MEDIUM
Apache Syncope 1.2.0-1.2.10 - Information Disclosure via FIQL and ORDER BY Parameters
Mar 20, 2018
CVSS 4.9
EPSS 0.21
CVE-2018-1321 HIGH
Apache Syncope 1.2.0-1.2.10 - Authenticated Remote Code Execution via XSLT
Mar 20, 2018
CVSS 7.2
EPSS 0.18
CVE-2018-1294 HIGH
Apache Commons Email < 1.5 - Email Header Injection via Bounce Address
Mar 20, 2018
CVSS 7.5
EPSS 0.03
CVE-2018-1324 MEDIUM
Apache Commons Compress 1.11-1.15 - Denial of Service via ZIP Extra Field Parser
Mar 16, 2018
CVSS 5.5
EPSS 0.04
CVE-2018-1319 MEDIUM
Apache Allura < 1.8.0 - HTTP Response Splitting via Crafted URL
Mar 15, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-1323 HIGH
Apache Tomcat JK Connector 1.2.0-1.2.42 - Path Traversal via IIS/ISAPI Request Path Normalization
Mar 12, 2018
CVSS 7.5
EPSS 0.44
CVE-2018-1316 HIGH
Apache ODE 1.1.1-1.3.2 - Path Traversal and Arbitrary File Write via Process Deployment Web Service
Mar 05, 2018
CVSS 7.5
EPSS 0.03
CVE-2018-1304 MEDIUM
Apache Tomcat <9.0.5-7.0.85 - Info Disclosure
Feb 28, 2018
CVSS 5.9
EPSS 0.17
CVE-2018-1286 MEDIUM
Apache OpenMeetings 3.0.0-4.0.1 - Authenticated Denial of Service via Privileged User CRUD Operations
Feb 28, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-1305 MEDIUM
Apache Tomcat 7.0.0-9.0.4 - Privilege Escalation
Feb 23, 2018
CVSS 6.5
EPSS 0.15
CVE-2018-1287 CRITICAL
Apache JMeter <3.X - Code Injection
Feb 14, 2018
CVSS 9.8
EPSS 0.03
CVE-2018-1297 CRITICAL
Apache JMeter 2.x-3.x - Unauthenticated Remote Code Execution via Unsecured RMI Connection
Feb 13, 2018
CVSS 9.8
EPSS 0.10
CVE-2018-1307 HIGH
Apache jUDDI 3.2-3.3.4 - XML External Entity Injection via WADL2Java or WSDL2Java
Feb 09, 2018
CVSS 8.1
EPSS 0.02
CVE-2018-1298 MEDIUM
Apache Qpid Broker-J 7.0.0 - Unauthenticated Denial of Service via PLAIN or XOAUTH2 SASL Mechanism
Feb 09, 2018
CVSS 5.9
EPSS 0.02
CVE-2018-1299 HIGH
Apache Allura < 1.8.0 - Unauthenticated Arbitrary File Read via Path Traversal
Feb 06, 2018
CVSS 7.5
EPSS 0.03
CVE-2017-15694 MEDIUM
Apache Geode <1.9.0 - Privilege Escalation
Jun 21, 2019
CVSS 6.5
EPSS 0.02
CVE-2017-12619 HIGH
Apache Zeppelin <0.7.3 - Info Disclosure
Apr 23, 2019
CVSS 8.1
EPSS 0.05
CVE-2017-3164 HIGH
Apache Solr 1.3.0-7.6.0 - Server-Side Request Forgery via Shards Parameter
Mar 08, 2019
CVSS 7.5
EPSS 0.19
CVE-2017-17836 CRITICAL
Apache Airflow < 1.8.2 - Authenticated Credential Exposure via Experimental Feature
Jan 23, 2019
CVSS 9.8
EPSS 0.02
CVE-2017-17835 HIGH
Apache Airflow < 1.8.2 - Cross-Site Request Forgery
Jan 23, 2019
CVSS 8.8
EPSS 0.01
CVE-2017-15720 HIGH
Apache Airflow < 1.8.2 - Authenticated Remote Code Execution via Special Object Creation
Jan 23, 2019
CVSS 8.8
EPSS 0.02
CVE-2017-5658 MEDIUM
Apache Pony Mail 0.7-0.9 - Unauthenticated Exposure of Sensitive Information via Statistics Generator
Oct 04, 2018
CVSS 5.3
EPSS 0.02
CVE-2017-15705 MEDIUM
Apache SpamAssassin < 3.4.2 - Denial of Service via Unclosed HTML Tags
Sep 17, 2018
CVSS 5.3
EPSS 0.08
CVE-2017-12614 MEDIUM
Apache Airflow < 1.9.0 - Reflected Cross-Site Scripting in 404 Error Page
Aug 06, 2018
CVSS 6.1
EPSS 0.02
CVE-2017-12171 MEDIUM
Red Hat Enterprise Linux 6.9 - Info Disclosure
Jul 26, 2018
CVSS 6.5
EPSS 0.08