apache
3,096 tracked vulnerabilities.
CVE-2017-3166
HIGH
Apache Hadoop 2.6.1-2.6.5, 2.7.0-2.7.3, 3.0.0-alpha1-3.0.0-alpha3 - Sensitive File Exposure via YARN
Nov 13, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-12625
MEDIUM
Apache Hive <2.1.2, <2.2.1, <2.3.1 - Sensitive Information Exposure via Masking Bypass
Nov 01, 2017
CVSS 4.3
EPSS 0.01
CVE-2017-12618
MEDIUM
Apache Portable Runtime Utility <= 1.6.0 - Out-of-bounds Read via SDBM Database File
Oct 24, 2017
CVSS 4.7
EPSS 0.01
CVE-2017-12613
HIGH
Apache Portable Runtime < 1.7.0 - Out-of-bounds Read via Invalid Month Field
Oct 24, 2017
CVSS 7.1
EPSS 0.02
CVE-2017-12628
HIGH
Apache James < 3.0.1 - Deserialization of Untrusted Data via JMX Server
Oct 20, 2017
CVSS 7.8
EPSS 0.01
CVE-2017-5636
CRITICAL
Apache NiFi < 0.7.2 and 1.x < 1.1.2 - Permission Impersonation via Crafted Username
Oct 19, 2017
CVSS 9.8
EPSS 0.04
CVE-2017-5635
HIGH
Apache NiFi < 0.7.2 and 1.x < 1.1.2 - Improper Authentication in Cluster Request Replication
Oct 19, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-12629
CRITICAL
NUCLEI
Apache Solr < 7.1 - Remote Code Execution via XXE in XML Query Parser
Oct 14, 2017
CVSS 9.8
EPSS 0.92
CVE-2017-12623
MEDIUM
Apache NiFi 1.0.0-1.3.0 - Authenticated XML External Entity Injection via Template Upload
Oct 10, 2017
CVSS 6.5
EPSS 0.02
CVE-2017-5637
HIGH
Apache ZooKeeper 3.4.0-3.4.9 and 3.5.0-3.5.2 - Unauthenticated Denial of Service via wchp/wchc Commands
Oct 10, 2017
CVSS 7.5
EPSS 0.74
CVE-2017-9792
MEDIUM
Apache Impala <2.10.0 - Privilege Escalation
Oct 04, 2017
CVSS 6.5
EPSS 0.02
CVE-2017-12617
HIGH
KEVNUCLEI
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
Oct 04, 2017
CVSS 8.1
EPSS 1.00
CVE-2017-9797
MEDIUM
Apache Geode <v1.2.1 - Info Disclosure/DoS
Oct 03, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-12620
CRITICAL
Apache OpenNLP 1.5.0-1.5.3 1.6.0 1.7.0-1.7.2 1.8.0-1.8.1 - XML External Entity Injection
Oct 03, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-9794
MEDIUM
Apache Geode <1.2.1 - Info Disclosure
Sep 30, 2017
CVSS 4.3
EPSS 0.01
CVE-2017-9790
HIGH
Apache Mesos <1.1.3, 1.2.x <1.2.2, 1.3.x <1.3.1, 1.4.0-dev - DoS
Sep 29, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-7687
HIGH
Apache Mesos <1.1.3-1.4.0-dev - DoS
Sep 29, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-12621
CRITICAL
Apache Commons Jelly < 1.0.1 - XML External Entity Injection via Custom Doctype Entity
Sep 28, 2017
CVSS 9.8
EPSS 0.09
CVE-2017-9804
HIGH
Apache Struts 2.3.7-2.3.33, 2.5-2.5.12 - DoS
Sep 20, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-9793
HIGH
Apache Struts 2.1.x 2.3.7-2.3.33 2.5-2.5.12 - Denial of Service via Malicious XML Payload
Sep 20, 2017
CVSS 7.5
EPSS 0.09
CVE-2017-12611
CRITICAL
NUCLEI
Apache Struts 2.0.0-2.3.33 and 2.5-2.5.10.1 - Remote Code Execution via Freemarker Tag Expression
Sep 20, 2017
CVSS 9.8
EPSS 0.88
CVE-2017-12616
HIGH
Apache Tomcat 7.0.0-7.0.80 - Exposure of Sensitive Information via VirtualDirContext
Sep 19, 2017
CVSS 7.5
EPSS 0.71
CVE-2017-12615
HIGH
KEVNUCLEI
Apache Tomcat 7.0.0-7.0.79 - Unauthenticated Remote Code Execution via JSP Upload
Sep 19, 2017
CVSS 8.1
EPSS 1.00
CVE-2017-9803
HIGH
Apache Solr 6.2.0-6.6.0 - Privilege Escalation via Kerberos Delegation Token Configuration
Sep 18, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-9798
HIGH
Apache httpd <2.4.28 - Use After Free
Sep 18, 2017
CVSS 7.5
EPSS 0.95
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters