apache
3,096 tracked vulnerabilities.
CVE-2017-12610
MEDIUM
Apache Kafka 0.10.0.0-0.10.2.1 and 0.11.0.0-0.11.0.1 - Authenticated Impersonation via SASL/PLAIN or SASL/SCRAM
Jul 26, 2018
CVSS 6.8
EPSS 0.03
CVE-2017-15695
HIGH
Apache Geode 1.0.0-1.4.0 - Remote Code Execution via Internal Function Invocation
Jun 13, 2018
CVSS 8.8
EPSS 0.03
CVE-2017-15691
MEDIUM
Apache UIMA < 2.10.2 - XML External Entity Injection
Apr 26, 2018
CVSS 6.5
EPSS 0.09
CVE-2017-15715
HIGH
NUCLEI
Apache httpd <=2.4.29 - Arbitrary File Upload
Mar 26, 2018
CVSS 8.1
EPSS 0.86
CVE-2017-15710
HIGH
Apache HTTP Server 2.0.23-2.0.65, 2.2.0-2.2.34, 2.4.0-2.4.29 - Out-of-bounds Write in mod_authnz_ldap
Mar 26, 2018
CVSS 7.5
EPSS 0.18
CVE-2017-12174
HIGH
Apache ActiveMQ Artemis and HornetQ < 2.4.0 - Uncontrolled Resource Consumption via UDP Discovery
Mar 07, 2018
CVSS 7.5
EPSS 0.06
CVE-2017-12627
CRITICAL
Apache Xerces-C++ < 3.2.1 - Null Pointer Dereference via External DTD Path Processing
Mar 01, 2018
CVSS 9.8
EPSS 0.08
CVE-2017-7671
HIGH
Apache Traffic Server 5.2.0-5.3.2, 6.0.0-6.2.0, 7.0.0 - Denial of Service via TLS Handshake
Feb 27, 2018
CVSS 7.5
EPSS 0.02
CVE-2017-5660
HIGH
Apache Traffic Server <= 6.2.0 and <= 7.0.0 - Improper Input Validation via Host Header Line Folding
Feb 27, 2018
CVSS 8.6
EPSS 0.02
CVE-2017-15693
HIGH
Apache Geode < 1.4.0 - Remote Code Execution via Untrusted Data Deserialization
Feb 27, 2018
CVSS 7.5
EPSS 0.03
CVE-2017-15692
CRITICAL
Apache Geode < 1.4.0 - Remote Code Execution via TcpServer Deserialization
Feb 27, 2018
CVSS 9.8
EPSS 0.05
CVE-2017-15696
HIGH
Apache Geode 1.0.0-1.3.0 & geode-core 1.0.0-1.4.0 - Sensitive Info Exposure via Config Service
Feb 26, 2018
CVSS 7.5
EPSS 0.02
CVE-2017-15712
MEDIUM
Apache Oozie 3.1.3-4.3.0 and 5.0.0-beta1 - Path Traversal via Workflow XML File
Feb 19, 2018
CVSS 6.5
EPSS 0.03
CVE-2017-15699
MEDIUM
Apache Qpid Dispatch Router 0.7.0 and 0.8.0 - Denial of Service via Crafted AMQP Frame
Feb 13, 2018
CVSS 6.5
EPSS 0.03
CVE-2017-15709
LOW
Apache ActiveMQ 5.14.0-5.15.2 - Exposure of Sensitive System Information via OpenWire Protocol
Feb 13, 2018
CVSS 3.7
EPSS 0.23
CVE-2017-3160
HIGH
Apache Cordova < 6.1.2 - Unauthenticated Man-in-the-Middle Attack via Insecure Gradle Download
Feb 01, 2018
CVSS 7.4
EPSS 0.04
CVE-2017-15706
MEDIUM
Apache Tomcat 7.0.79-9.0.1 - Info Disclosure
Jan 31, 2018
CVSS 5.3
EPSS 0.06
CVE-2017-15698
MEDIUM
Apache Tomcat Native 1.1.23-1.1.34 and 1.2.0-1.2.14 - Improper Certificate Validation in AIA-Extension Field
Jan 31, 2018
CVSS 5.9
EPSS 0.04
CVE-2017-12626
HIGH
Apache POI < 3.17 - Denial of Service via Crafted WMF EMF MSG Macro DOC PPT XLS Parsing
Jan 29, 2018
CVSS 7.5
EPSS 0.10
CVE-2017-15703
MEDIUM
Apache NiFi 1.0.0-1.3.0 - Authenticated Denial of Service via Java Deserialization
Jan 25, 2018
CVSS 5.0
EPSS 0.01
CVE-2017-15718
CRITICAL
Apache Hadoop <2.7.5 - Info Disclosure
Jan 24, 2018
CVSS 9.8
EPSS 0.04
CVE-2017-15697
CRITICAL
Apache NiFi 1.0.0-1.4.0 - Remote Code Execution via X-ProxyContextPath or X-Forwarded-Context Header
Jan 23, 2018
CVSS 9.8
EPSS 0.05
CVE-2017-12632
HIGH
Apache NiFi < 1.5.0 - Server-Side Request Forgery via Host Header
Jan 23, 2018
CVSS 7.5
EPSS 0.03
CVE-2017-15713
MEDIUM
Apache Hadoop Sensitive Information Exposure via Malicious Configuration
Jan 19, 2018
CVSS 6.5
EPSS 0.02
CVE-2017-3158
HIGH
Apache Guacamole 0.9.5-0.9.10-incubating - Buffer Overflow via Terminal Emulator Race Condition
Jan 18, 2018
CVSS 8.1
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters