CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-0733 critical 9.8 9.8 apache 10y ago The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password
CVE-2015-3252 critical 9.8 9.8 apache 11y ago Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
CVE-2015-5344 critical 9.8 9.8 apache 11y ago Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands
CVE-2015-5254 critical 9.8 9.8 FIX debian debianfedora fedora redhatapache 11y ago Improper Input Validation in Apache ActiveMQ
CVE-2015-4940 low 2.1 apacheibm 11y ago Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information…
CVE-2015-3186 low 3.5 apache 11y ago Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration …
CVE-2015-3253 critical 9.8 9.8 FIX debian debian apacheoracle 11y ago Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
CVE-2014-0228 low 3.5 apache 12y ago Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
CVE-2014-3524 critical 9.3 apachelibreoffice 12y ago Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
CVE-2014-3525 critical 10.0 FIX debian debian apache 12y ago Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.
CVE-2013-7393 low 2.4 FIX debian debian apache 12y ago The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfil…
CVE-2013-4262 low 2.4 FIX debian debian apache 12y ago svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this i…
CVE-2013-0346 low 2.1 apache 13y ago Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor ha…
CVE-2013-0177 low 4.5 EXP apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x all…
CVE-2013-2192 low 3.2 apache 13y ago Improper Authentication in Apache Hadoop
CVE-2013-6398 low 2.8 apache 13y ago The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions v…
CVE-2013-6480 low 3.1 EXPFIX debian debian apache 13y ago Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
CVE-2013-4558 low 3.5 FIX debian debian apache 13y ago The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversio…
CVE-2013-4505 low 2.6 FIX debian debian apache 13y ago The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a den…
CVE-2013-4316 critical 10.0 apacheoracle 13y ago Code injection in Apache Struts
CVE-2013-4277 low 3.3 FIX debian debian apache 13y ago Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by th…
CVE-2013-2250 critical 10.0 apache 13y ago Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) function…
CVE-2013-2135 critical 9.3 apache 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-2134 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-1777 critical 10.0 apacheibm 13y ago Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
CVE-2013-1966 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts
CVE-2013-1965 critical 9.3 apache 13y ago Improper Control of Generation of Code in Apache Struts
CVE-2013-2071 low 2.6 apache 13y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2013-0941 low 2.1 rsaapachemicrosoft 13y ago EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Win…
CVE-2013-1845 low 2.1 FIX suse susedebian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting…
CVE-2013-0248 low 3.3 FIX debian debian apache 13y ago Incorrect Default Permissions in Apache Commons FileUpload
CVE-2012-5616 low 1.5 apachecitrix 14y ago Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) t…
CVE-2012-2379 critical 10.0 apache 14y ago XML Signature/Encryption Not Validated in Apache CXF
CVE-2012-4534 low 2.6 apache 14y ago org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to…
CVE-2012-4501 critical 10.0 apachecitrix 14y ago Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
CVE-2012-3506 critical 10.0 apache 14y ago Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
CVE-2012-2687 low 2.6 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiVi…
CVE-2012-2381 low 3.5 apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
CVE-2012-0838 critical 10.0 apache 15y ago Apache Struts Code injection due to conversion error
CVE-2012-0021 low 2.6 FIX debian debian apache 15y ago The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, w…
CVE-2011-4415 low 2.2 EXPFIX debian debian apache 15y ago The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of envi…
CVE-2000-1247 low 2.1 apache 15y ago The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensiti…
CVE-2011-2712 low 2.6 apache 15y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspe…
CVE-2011-2204 low 1.9 apache 15y ago Insertion of Sensitive Information into Log File in Apache Tomcat
CVE-2011-1772 low 3.6 EXP apacheopensymphony 15y ago Cross-site Scripting in Apache Struts
CVE-2010-3718 low 1.2 apache 16y ago Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
CVE-2010-4643 critical 9.3 apache 16y ago Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a …
CVE-2010-4253 critical 9.3 ubuntu ubuntudebian debian apache 16y ago Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a …
CVE-2010-3454 critical 9.3 debian debianubuntu ubuntu apache 16y ago Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application cr…
CVE-2010-3453 critical 9.3 debian debianubuntu ubuntu apache 16y ago The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8…
CVE-2010-3452 critical 9.3 debian debianubuntu ubuntu apache 16y ago Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via…
CVE-2010-3451 critical 9.3 debian debianubuntu ubuntu apache 16y ago Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via…
CVE-2010-3450 critical 9.3 debian debianubuntu ubuntu apache 16y ago Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filte…
CVE-2010-4644 low 3.5 FIX debian debian apache 16y ago Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the bla…
CVE-2010-0219 critical 10.0 EXP apachesap 16y ago Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier …
CVE-2010-2076 critical 9.8 9.8 apache 16y ago Improper Input Validation in Apache CXF
CVE-2009-4269 low 2.1 FIX debian debian apache 16y ago Use of Password Hash With Insufficient Computational Effort in Apache Derby
CVE-2010-0395 critical 9.3 fedora fedoraubuntu ubuntudebian debian apache 16y ago OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file…
CVE-2010-1157 low 3.6 EXP apache 16y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2010-0684 low 3.5 apache 16y ago Cross-site scripting in Apache ActiveMQ
CVE-2010-0136 critical 9.3 ubuntu ubuntudebian debian apache 17y ago OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted…
CVE-2009-3302 critical 9.3 ubuntu ubuntudebian debian apache 17y ago filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table p…
CVE-2009-3301 critical 9.3 ubuntu ubuntudebian debian apache 17y ago Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafte…
CVE-2009-2950 critical 9.3 ubuntu ubuntudebian debian apache 17y ago Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service…
CVE-2009-2949 critical 9.3 ubuntu ubuntudebian debian apache 17y ago Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that…
CVE-2003-1581 low 2.6 debian debian apache 17y ago The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafte…
CVE-2009-3555 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntufedora fedora apachegnumozilla 17y ago The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9…