CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-41602 high 7.5 7.5 FIX sles debian debian apache 1mo ago Apache Thrift TFramedTransport Go language implementation has an Integer Overflow or Wraparound vulnerability
CVE-2025-48431 high 7.5 7.5 FIX debian debian apache 1mo ago Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, w…
CVE-2026-41081 medium 6.5 6.5 apache 1mo ago Apache Storm's Improper Handling of TLS Client Authentication Failure Leads to Anonymous Principal Assignment
CVE-2026-40557 medium 4.8 4.8 apache 1mo ago Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade
CVE-2026-27172 high 8.8 8.8 apache 1mo ago Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data
CVE-2026-40858 high 8.8 8.8 apache 1mo ago Apache Camel-Infinispan Component Vulnerable to Deserialization of Untrusted Data
CVE-2026-40022 high 8.2 8.2 apache 1mo ago Apache Camel Vulnerable to Authentication Bypass Using an Alternate Path or Channel
CVE-2026-40473 high 8.8 8.8 apache 1mo ago Camel-MINA Vulnerable to Deserialization of Untrusted Data
CVE-2026-40048 high 7.8 7.8 apache 1mo ago Camel-PQC Vulnerable to Deserialization of Untrusted Data
CVE-2026-40542 high 7.3 7.3 FIX debian debian sles apache 1mo ago Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification
CVE-2026-40948 medium 5.4 5.4 apache 2mo ago The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An at…
CVE-2026-34479 high 7.5 7.5 FIX debian debian sles apache 2mo ago Apache Log4j 1 to Log4j 2 bridge: silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
CVE-2026-34477 medium 5.9 5.9 FIX debian debian sles apache 2mo ago Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
CVE-2026-39304 high 7.5 7.5 debian debian apache 2mo ago Apache ActiveMQ: Denial of Service via Out of Memory vulnerability
CVE-2026-34486 high 7.5 7.5 FIX sles debian debian apache 2mo ago Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.5…
CVE-2025-55752 high 7.5 7.5 FIX rocky rhel sles apache 6mo ago Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the po…
CVE-2025-61795 medium 5.3 5.3 FIX sles debian debian apache 7mo ago Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded …
CVE-2025-48989 high 7.5 7.5 FIX rhel rocky sles apache 10mo ago Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0…
CVE-2023-48795 medium 5.9 5.9 FIX rhel rocky debian debian apache openbsd putty 3y ago The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from…
CVE-2023-44487 high 7.5 10.0 KEV EXP FIX rocky rhel debian debian siemens ietf nghttp2 3y ago Important: nghttp2 security update
CVE-2022-34169 high 7.5 7.5 FIX debian debian rhel sles apache oracle netapp 4y ago RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important)
CVE-2013-1909 medium 5.8 apache 4y ago The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al…
CVE-2022-23307 high 8.8 8.8 FIX debian debian sles rocky apache qos oracle 4y ago RHSA-2022:0290: parfait:0.5 security update (Important)
CVE-2022-23302 high 8.8 8.8 FIX debian debian sles rocky apache netapp broadcom 4y ago RHSA-2022:0290: parfait:0.5 security update (Important)
CVE-2021-44832 medium 6.6 6.6 FIX debian debian sles fedora fedora apache oracle cisco 5y ago Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender wit…
CVE-2021-45105 medium 5.9 5.9 FIX debian debian sles apache netapp sonicwall 5y ago Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thre…
CVE-2021-4104 high 7.5 7.5 FIX debian debian sles rocky apache redhat oracle 5y ago RHSA-2022:0290: parfait:0.5 security update (Important)
CVE-2017-12626 high 7.5 7.5 FIX debian debian apache 6y ago Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Me…
CVE-2020-9488 low 3.7 3.7 FIX debian debian sles oracle apache qos 6y ago Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log mess…
CVE-2017-15700 high 8.8 8.8 apache 9y ago Apache Sling Authentication Service vulnerability
CVE-2017-12630 medium 5.4 5.4 apache 9y ago Apache Drill vulnerable to Cross-site Scripting
CVE-2017-5663 high 8.8 8.8 apache 9y ago In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT que…
CVE-2014-3250 medium 6.5 6.5 FIX debian debian puppet apache 9y ago The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certi…
CVE-2017-15707 medium 6.2 6.2 apache netapp oracle 9y ago Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
CVE-2017-15701 high 7.5 7.5 apache 9y ago Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption
CVE-2017-12631 high 8.8 8.8 apache 9y ago Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
CVE-2017-3157 medium 5.5 5.5 FIX sles debian debian rhel apache 9y ago By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrie…
CVE-2017-12608 high 7.8 7.8 FIX debian debian apache 9y ago A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory…
CVE-2017-12607 high 7.8 7.8 FIX debian debian apache 9y ago A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and appl…
CVE-2017-9806 high 7.8 7.8 FIX debian debian apache 9y ago A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory…
CVE-2016-6804 high 7.8 7.8 apache 9y ago The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated pr…
CVE-2014-0219 medium 5.5 5.5 apache 9y ago Improper Input Validation in Apache Karaf
CVE-2017-12636 high 7.2 8.2 EXP FIX arch arch sles apache 9y ago multiple issues in couchdb
CVE-2017-12624 medium 5.5 5.5 apache 9y ago Improper Input Validation in Apache CXF
CVE-2017-3166 high 7.8 7.8 apache 9y ago Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
CVE-2016-6803 high 7.8 7.8 apache 9y ago An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan …
CVE-2017-12625 medium 4.3 4.3 apache 9y ago Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
CVE-2014-0072 high 7.5 7.5 apache 9y ago ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9…
CVE-2012-5636 medium 6.1 6.1 apache 9y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vector…
CVE-2014-0115 high 7.5 7.5 apache 9y ago Apache Storm log viewer path traversal vulnerability
CVE-2012-0881 high 7.5 7.5 debian debian apache 9y ago Denial of service in Apache Xerces2
CVE-2009-1198 medium 6.1 6.1 apache 9y ago Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp.
CVE-2009-1197 medium 5.3 5.3 apache 9y ago Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.
CVE-2016-3090 high 8.8 8.8 apache 9y ago Apache Struts RCE Vulnerability
CVE-2015-0226 high 7.5 7.5 FIX debian debian apache 9y ago Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
CVE-2015-0224 high 7.5 7.5 apache 9y ago qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplet…
CVE-2014-3526 high 7.5 7.5 apache 9y ago Apache Wicket Sensitive Data Exposure
CVE-2013-4246 high 8.8 8.8 FIX debian debian apache 9y ago libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive i…
CVE-2015-1835 medium 5.3 5.3 apache 9y ago Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables…
CVE-2016-5002 high 7.8 7.8 apache 9y ago Apache XML-RPC XXE Vulnerability
CVE-2017-12618 medium 4.7 4.7 FIX debian debian sles arch arch apache 9y ago Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A loc…
CVE-2017-12613 high 7.1 7.1 FIX debian debian sles arch arch apache redhat 9y ago When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting t…
CVE-2010-5312 medium 6.1 6.1 FIX debian debian fedora fedora jqueryui netapp apache 9y ago Cross-site Scripting in jquery-ui
CVE-2010-2232 high 7.5 7.5 FIX debian debian apache 9y ago Improper Access Control in Apache Derby
CVE-2017-12628 high 7.8 7.8 apache 9y ago Apache James Privilege Escalation
CVE-2017-5635 high 7.5 7.5 apache 9y ago Improper Authentication In Apache NiFi
CVE-2016-8748 medium 5.4 5.4 apache 9y ago Cross-site Scripting in Apache NiFi
CVE-2016-4461 high 8.8 8.8 apache netapp 9y ago Apache Struts forced double OGNL evaluation
CVE-2016-8734 medium 6.5 6.5 FIX sles debian debian apache 9y ago Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The a…
CVE-2016-6815 medium 6.5 6.5 apache 9y ago Moderate severity vulnerability that affects org.apache.ranger:ranger
CVE-2017-12623 medium 6.5 6.5 apache 9y ago XML External Entity Reference in Apache NiFi
CVE-2017-5637 high 7.5 8.5 EXP FIX debian debian apache 9y ago Uncontrolled Resource Consumption in Apache ZooKeeper
CVE-2017-9792 medium 6.5 6.5 apache 9y ago In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" a…
CVE-2017-9797 medium 6.5 6.5 apache 9y ago Apache Geode vulnerable to Exposure of Sensitive Information
CVE-2016-6806 high 8.8 8.8 apache 9y ago Apache Wicket vulnerable to CSRF attacks
CVE-2014-0043 medium 5.3 5.3 apache 9y ago Apache Wicket allows attackers to check for third-party libraries
CVE-2017-9794 medium 4.3 4.3 apache 9y ago Apache Geode gfsh query vulnerability
CVE-2016-4434 high 7.8 7.8 FIX debian debian apache 9y ago Apache Tika does not properly initialize the XML parser or choose handlers
CVE-2017-9790 high 7.5 7.5 apache 9y ago Use after free in Apache Mesos
CVE-2017-7687 high 7.5 7.5 apache 9y ago Denial of service in Apache Mesos
CVE-2015-5169 medium 6.1 6.1 apache 9y ago Cross-site Scripting in Apache Struts
CVE-2017-9804 high 7.5 7.5 apache 9y ago Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
CVE-2017-9793 high 7.5 7.5 apache 9y ago The REST Plugin in Apache Struts is using an outdated XStream library
CVE-2016-8738 medium 5.9 5.9 apache 9y ago Apache Struts vulnerable to possible DoS attack when using URLValidator
CVE-2017-12616 high 7.5 7.5 sles apache 9y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2017-9803 high 7.5 7.5 FIX debian debian apache 9y ago Apache Solr Kerberos delegation token functionality flaws
CVE-2017-9798 high 7.5 8.5 EXP FIX debian debian arch arch sles apache 9y ago Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsb…
CVE-2014-7808 high 7.5 7.5 apache 9y ago Apache Wicket insecure defaults
CVE-2017-3165 medium 5.4 5.4 apache 9y ago Cross-site Scripting In Apache Brooklyn
CVE-2017-12612 high 7.8 7.8 apache 9y ago Apache Spark Deserialization of Untrusted Data vulnerability
CVE-2016-8744 high 8.8 8.8 apache 9y ago Deserialization of Untrusted Data in Apache Brooklyn
CVE-2016-8737 high 8.8 8.8 apache 9y ago Apache Brooklyn is vulnerable to cross-site request forgery (CSRF)
CVE-2014-9635 medium 5.3 5.3 jenkins apache 9y ago Jenkins HttpOnly flag not Set for session cookies
CVE-2014-9634 medium 5.3 5.3 jenkins apache 9y ago Jenkins secure flag not set on session cookies
CVE-2015-3250 high 7.5 7.5 FIX debian debian apache 9y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API
CVE-2016-5001 medium 5.5 5.5 apache 9y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
CVE-2016-6800 medium 6.1 6.1 apache 9y ago The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creatio…
CVE-2016-4462 high 8.8 8.8 apache 9y ago By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Fr…
CVE-2017-3163 high 7.5 7.5 FIX debian debian apache 9y ago Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core
CVE-2017-3155 medium 6.1 6.1 apache 9y ago Cross-site Scripting in Apache Atlas