VIR Vulnerability Intelligence Relay

Search

Found 56 results in 534ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-12635 critical 9.8 10.0 EXPFIX slesarch arch apache 9y ago multiple issues in couchdb
CVE-2017-12629 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntu rhel apacheredhat 9y ago Remote code execution occurs in Apache Solr
CVE-2014-0030 critical 9.8 10.0 EXP apache 9y ago The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
CVE-2017-12611 critical 9.8 10.0 EXP apache 9y ago Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
CVE-2016-3087 critical 9.8 10.0 EXP apache 10y ago Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
CVE-2016-0784 medium 6.5 7.5 EXP apache 10y ago Apache OpenMeetings Directory Traversal vulnerability
CVE-2015-1830 medium 6.0 EXPFIX debian debian apache 11y ago Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ
CVE-2015-1833 medium 7.4 EXPFIX debian debian apache 11y ago Improper Input Validation in Apache Jackrabbit
CVE-2015-0252 medium 6.0 EXPFIX slesfedora fedoradebian debian apache 11y ago internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
CVE-2014-0226 medium 7.8 EXPFIX debian debian rhel apacheredhatoracle 12y ago Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credent…
CVE-2011-4367 medium 6.0 EXPFIX debian debian apache 12y ago Apache MyFaces Vulnerable to Path Traversal
CVE-2014-2668 medium 6.0 EXP apache 12y ago Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
CVE-2014-0094 medium 6.0 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2013-0177 low 4.5 EXP apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x all…
CVE-2013-6480 low 3.1 EXPFIX debian debian apache 13y ago Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
CVE-2013-4212 medium 7.8 EXP apache 13y ago Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated b…
CVE-2013-6357 medium 7.8 EXP apache 13y ago Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that…
CVE-2013-4295 medium 6.0 EXP apache 13y ago Apache Shindig PHP Sensitive Information Disclosure
CVE-2013-2160 medium 6.0 EXP apache 13y ago Missing XML Validation in Apache CXF
CVE-2013-2248 medium 6.8 EXP apache 13y ago Open redirect in Apache Struts
CVE-2013-2134 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-2765 medium 6.0 EXPFIX debian debiansuse suse trustwaveapache 13y ago The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request …
CVE-2013-1966 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts
CVE-2013-1884 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an inval…
CVE-2013-1847 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an …
CVE-2013-1814 medium 5.0 EXP apache 13y ago Apache Rave information disclosure vulnerability
CVE-2012-2138 medium 6.0 EXP apache 14y ago Apache Sling POST Servlets Denial of Service Vulnerability
CVE-2012-0840 medium 6.0 EXPFIX debian debian apache 15y ago tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependen…
CVE-2012-1007 medium 5.3 EXP apache 15y ago Withdrawn Advisory: Apache Struts XSS
CVE-2012-1006 medium 5.3 EXP apache 15y ago Apache Struts Multiple Cross-site Scripting Vulnerabilities
CVE-2012-0053 medium 5.3 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to …
CVE-2012-0031 medium 5.6 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a …
CVE-2011-5057 medium 6.0 EXP apache 15y ago Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attacke…
CVE-2012-0394 medium 7.8 EXP apache 15y ago Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
CVE-2012-0393 medium 7.4 EXP apache 15y ago Apache Struts's ParameterInterceptor component does not prevent access to public constructors
CVE-2012-0392 medium 7.8 EXP apache 15y ago Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
CVE-2011-4858 medium 6.0 EXP apache 15y ago Improper Input Validation in Apache Tomcat
CVE-2007-6750 medium 6.0 EXPFIX debian debian apache 15y ago The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtime…
CVE-2011-4317 medium 5.3 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use o…
CVE-2011-3639 medium 5.3 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2…
CVE-2011-4415 low 2.2 EXPFIX debian debian apache 15y ago The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of envi…
CVE-2011-3607 medium 5.4 EXPFIX debian debian apache 15y ago Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to ga…
CVE-2011-3368 medium 6.0 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch patte…
CVE-2011-0419 medium 5.3 EXPFIX debian debianmacos macosfreebsd freebsd apache 15y ago Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in …
CVE-2011-1772 low 3.6 EXP apacheopensymphony 15y ago Cross-site Scripting in Apache Struts
CVE-2010-3449 medium 7.8 EXP jesse_mcconnellapache 16y ago Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum…
CVE-2010-4172 medium 5.3 EXP apache 16y ago Improper Neutralization of Input During Web Page Generation in Apache Tomcat
CVE-2010-3863 medium 6.0 EXPFIX debian debian apachejsecurity 16y ago Apache Shiro Path Traversal vulnerability
CVE-2010-0219 critical 10.0 EXP apachesap 16y ago Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier …
CVE-2010-1870 medium 6.0 EXP apache 16y ago Server side object manipulation in Apache Struts
CVE-2010-2227 medium 7.4 EXP apache 16y ago Apache Tomcat does not properly handle an invalid Transfer-Encoding header
CVE-2010-2103 medium 5.3 EXPFIX debian debian apache3comsap 16y ago Improper Neutralization of Input During Web Page Generation in Apache Axis2
CVE-2010-1587 medium 6.0 EXP apache 16y ago Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
CVE-2010-1157 low 3.6 EXP apache 16y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2010-0432 medium 5.3 EXP apache 16y ago Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inje…
CVE-2009-3555 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntufedora fedora apachegnumozilla 17y ago The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9…