VIR Vulnerability Intelligence Relay

Search

Found 81 results in 321ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-23918 high 8.8 9.8 EXPFIX debian debian sleswindows windows apache 1mo ago Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which f…
CVE-2023-44487 high 7.5 10.0 KEVEXPFIX rocky rheldebian debian siemensietfnghttp2 3y ago The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2017-12636 high 7.2 8.2 EXPFIX arch arch sles apache 9y ago multiple issues in couchdb
CVE-2017-12635 critical 9.8 10.0 EXPFIX slesarch arch apache 9y ago multiple issues in couchdb
CVE-2017-12629 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntu rhel apacheredhat 9y ago Remote code execution occurs in Apache Solr
CVE-2017-5637 high 7.5 8.5 EXPFIX debian debian apache 9y ago Uncontrolled Resource Consumption in Apache ZooKeeper
CVE-2014-0030 critical 9.8 10.0 EXP apache 9y ago The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
CVE-2017-12611 critical 9.8 10.0 EXP apache 9y ago Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
CVE-2017-9798 high 7.5 8.5 EXPFIX debian debianarch arch sles apache 9y ago Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsb…
CVE-2016-0736 high 7.5 8.5 EXPFIX slesdebian debian apache 9y ago In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by defaul…
CVE-2016-6816 high 7.1 8.1 EXPFIX slesdebian debian apache 9y ago The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could b…
CVE-2016-8740 high 7.5 8.5 EXPFIX debian debian sles apache 10y ago The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to ca…
CVE-2016-5425 high 7.8 8.8 EXP rhel apacheoracle 10y ago The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows l…
CVE-2016-1240 high 7.8 8.8 EXP debian debianubuntu ubuntu apache 10y ago The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 …
CVE-2016-4469 high 8.8 9.8 EXP apache 10y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repo…
CVE-2016-3087 critical 9.8 10.0 EXP apache 10y ago Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
CVE-2015-7611 high 8.1 9.1 EXP apache 10y ago Apache James Server OS Command Injection
CVE-2016-3081 high 8.1 9.1 EXP sles apacheoracle 10y ago Apache Struts RCE Vulnerability
CVE-2016-0784 medium 6.5 7.5 EXP apache 10y ago Apache OpenMeetings Directory Traversal vulnerability
CVE-2016-0710 high 8.8 9.8 EXP apache 10y ago Apache Jetspeed vulnerable to SQL Injection
CVE-2016-0709 high 7.2 8.2 EXP apache 10y ago Path Traversal in Apache Jetspeed
CVE-2016-0956 high 7.5 8.5 EXP macos macos linux-kernel apacheadobe 11y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
CVE-2015-1830 medium 6.0 EXPFIX debian debian apache 11y ago Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ
CVE-2015-1833 medium 7.4 EXPFIX debian debian apache 11y ago Improper Input Validation in Apache Jackrabbit
CVE-2015-0252 medium 6.0 EXPFIX slesfedora fedoradebian debian apache 11y ago internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
CVE-2014-0226 medium 7.8 EXPFIX debian debian rhel apacheredhatoracle 12y ago Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credent…
CVE-2011-4367 medium 6.0 EXPFIX debian debian apache 12y ago Apache MyFaces Vulnerable to Path Traversal
CVE-2014-0114 high 8.5 EXPFIX debian debian apache 12y ago Arbitrary code execution in Apache Commons BeanUtils
CVE-2014-0113 high 8.5 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0112 high 8.5 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0050 high 8.5 EXPFIX debian debian apacheoracle 12y ago Commons FileUpload Denial of service vulnerability
CVE-2014-2668 medium 6.0 EXP apache 12y ago Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
CVE-2014-0094 medium 6.0 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2013-0177 low 4.5 EXP apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x all…
CVE-2013-6480 low 3.1 EXPFIX debian debian apache 13y ago Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
CVE-2013-4212 medium 7.8 EXP apache 13y ago Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated b…
CVE-2013-6357 medium 7.8 EXP apache 13y ago Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that…
CVE-2013-4295 medium 6.0 EXP apache 13y ago Apache Shindig PHP Sensitive Information Disclosure
CVE-2013-5697 high 8.5 EXP simone_telliniapache 13y ago SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
CVE-2013-2160 medium 6.0 EXP apache 13y ago Missing XML Validation in Apache CXF
CVE-2013-2088 high 8.1 EXPFIX suse susedebian debian apachecollabnet 13y ago contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
CVE-2013-2248 medium 6.8 EXP apache 13y ago Open redirect in Apache Struts
CVE-2013-2134 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-2765 medium 6.0 EXPFIX debian debiansuse suse trustwaveapache 13y ago The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request …
CVE-2013-2115 high 8.1 9.1 EXP apache 13y ago Code injection in Apache Struts
CVE-2013-1966 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts
CVE-2013-1884 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an inval…
CVE-2013-1847 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an …
CVE-2013-1814 medium 5.0 EXP apache 13y ago Apache Rave information disclosure vulnerability
CVE-2012-2138 medium 6.0 EXP apache 14y ago Apache Sling POST Servlets Denial of Service Vulnerability
CVE-2012-0840 medium 6.0 EXPFIX debian debian apache 15y ago tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependen…
CVE-2012-1007 medium 5.3 EXP apache 15y ago Withdrawn Advisory: Apache Struts XSS
CVE-2012-1006 medium 5.3 EXP apache 15y ago Apache Struts Multiple Cross-site Scripting Vulnerabilities
CVE-2012-0053 medium 5.3 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to …
CVE-2012-0031 medium 5.6 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a …
CVE-2011-5057 medium 6.0 EXP apache 15y ago Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attacke…
CVE-2012-0394 medium 7.8 EXP apache 15y ago Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
CVE-2012-0393 medium 7.4 EXP apache 15y ago Apache Struts's ParameterInterceptor component does not prevent access to public constructors
CVE-2012-0392 medium 7.8 EXP apache 15y ago Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
CVE-2011-4858 medium 6.0 EXP apache 15y ago Improper Input Validation in Apache Tomcat
CVE-2011-5034 high 8.8 EXP apache 15y ago Apache Geronimo Hash Collisions Cause DoS
CVE-2007-6750 medium 6.0 EXPFIX debian debian apache 15y ago The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtime…
CVE-2011-4317 medium 5.3 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use o…
CVE-2011-3639 medium 5.3 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2…
CVE-2011-4415 low 2.2 EXPFIX debian debian apache 15y ago The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of envi…
CVE-2011-3607 medium 5.4 EXPFIX debian debian apache 15y ago Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to ga…
CVE-2011-3368 medium 6.0 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch patte…
CVE-2011-3192 high 8.8 EXPFIX debian debianubuntu ubuntususe suse apache 15y ago The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range head…
CVE-2011-0419 medium 5.3 EXPFIX debian debianmacos macosfreebsd freebsd apache 15y ago Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in …
CVE-2011-1772 low 3.6 EXP apacheopensymphony 15y ago Cross-site Scripting in Apache Struts
CVE-2010-3449 medium 7.8 EXP jesse_mcconnellapache 16y ago Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum…
CVE-2010-4172 medium 5.3 EXP apache 16y ago Improper Neutralization of Input During Web Page Generation in Apache Tomcat
CVE-2010-3863 medium 6.0 EXPFIX debian debian apachejsecurity 16y ago Apache Shiro Path Traversal vulnerability
CVE-2010-0219 critical 10.0 EXP apachesap 16y ago Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier …
CVE-2010-1870 medium 6.0 EXP apache 16y ago Server side object manipulation in Apache Struts
CVE-2010-2227 medium 7.4 EXP apache 16y ago Apache Tomcat does not properly handle an invalid Transfer-Encoding header
CVE-2010-2103 medium 5.3 EXPFIX debian debian apache3comsap 16y ago Improper Neutralization of Input During Web Page Generation in Apache Axis2
CVE-2010-1587 medium 6.0 EXP apache 16y ago Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
CVE-2010-1157 low 3.6 EXP apache 16y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2010-0432 medium 5.3 EXP apache 16y ago Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inje…
CVE-2009-3555 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntufedora fedora apachegnumozilla 17y ago The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9…