apache
3,096 tracked vulnerabilities.
CVE-2017-7673
CRITICAL
Apache OpenMeetings 1.0.0 - Info Disclosure
Jul 17, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-7666
HIGH
Apache OpenMeetings 1.0.0 - Cross-Site Request Forgery
Jul 17, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-7664
CRITICAL
Apache OpenMeetings 3.1.0 - Info Disclosure
Jul 17, 2017
CVSS 10.0
EPSS 0.02
CVE-2017-7663
MEDIUM
Apache OpenMeetings 3.2.0 - Stored Cross-Site Scripting in Global and Room Chat
Jul 17, 2017
CVSS 6.1
EPSS 0.03
CVE-2017-9789
HIGH
Apache httpd 2.4.26 - Memory Corruption
Jul 13, 2017
CVSS 7.5
EPSS 0.10
CVE-2017-9788
CRITICAL
Apache httpd <2.2.34 & 2.4.x <2.4.27 - Info Disclosure
Jul 13, 2017
CVSS 9.1
EPSS 0.57
CVE-2017-9787
HIGH
Apache Struts - Denial of Service via Spring AOP Functionality
Jul 13, 2017
CVSS 7.5
EPSS 0.10
CVE-2017-7672
MEDIUM
Apache Struts 2.5.0-2.5.10.1 - Denial of Service via URLValidator
Jul 13, 2017
CVSS 5.9
EPSS 0.09
CVE-2017-7678
MEDIUM
Apache Spark <2.2.0 - Info Disclosure
Jul 12, 2017
CVSS 6.1
EPSS 0.03
CVE-2017-5652
HIGH
Apache Impala 2.7.0-2.8.0 - Cleartext Transmission of Sensitive Information via StatestoreSubscriber Thrift Transport
Jul 10, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-5640
CRITICAL
Apache Impala 2.7.0-2.8.0 - Improper Authentication via Early SASL Handshake Completion
Jul 10, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-7670
HIGH
Apache Traffic Control - Denial of Service via Slowloris Attack
Jul 10, 2017
CVSS 7.5
EPSS 0.05
CVE-2017-9791
CRITICAL
KEVNUCLEI
Apache Struts 2.1.x and 2.3.x - Remote Code Execution via ActionMessage Field Value
Jul 10, 2017
CVSS 9.8
EPSS 0.99
CVE-2017-7660
HIGH
Apache Solr 5.3.0-5.5.4 and 6.0-6.5.1 - Improper Authentication via Malicious Node Name
Jul 07, 2017
CVSS 7.5
EPSS 0.06
CVE-2017-7686
HIGH
Apache Ignite <2.0 - Info Disclosure
Jun 28, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-7679
CRITICAL
Apache httpd <2.2.33, <2.4.26 - Buffer Overflow
Jun 20, 2017
CVSS 9.8
EPSS 0.39
CVE-2017-7668
HIGH
Apache HTTP Server 2.2.32-2.4.24 - Out-of-bounds Read via Token List Parsing
Jun 20, 2017
CVSS 7.5
EPSS 0.57
CVE-2017-3169
CRITICAL
Apache HTTP Server 2.2.x < 2.2.33 and 2.4.x < 2.4.26 - NULL Pointer Dereference in mod_ssl
Jun 20, 2017
CVSS 9.8
EPSS 0.20
CVE-2017-3167
CRITICAL
Apache HTTP Server 2.2.0-2.2.32 - Authentication Bypass via ap_get_basic_auth_pw()
Jun 20, 2017
CVSS 9.8
EPSS 0.20
CVE-2017-7677
MEDIUM
Apache Ranger <0.7.1 - Privilege Escalation
Jun 14, 2017
CVSS 5.9
EPSS 0.03
CVE-2017-7676
CRITICAL
Apache Ranger <0.7.1 - Path Traversal
Jun 14, 2017
CVSS 9.8
EPSS 0.04
CVE-2017-7667
HIGH
Apache NiFi <1.3.0 - Info Disclosure
Jun 12, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-7665
MEDIUM
Apache NiFi < 0.7.4 and 1.x < 1.3.0 - Stored Cross-Site Scripting
Jun 12, 2017
CVSS 6.1
EPSS 0.04
CVE-2017-5664
HIGH
Apache Tomcat 7.0.0-7.0.77, 8.0.0.RC1-8.0.43, 8.5.0-8.5.14, 9.0.0.M1-9.0.0.M20 - Error Page Exception Handling Flaw
Jun 06, 2017
CVSS 7.5
EPSS 0.17
CVE-2017-7669
HIGH
Apache Hadoop <3.0.0-alpha2 - Command Injection
Jun 05, 2017
CVSS 7.5
EPSS 0.02
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters