CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-5394 medium 6.1 6.1 apache 9y ago Cross site scripting in Apache Sling
CVE-2017-7685 medium 5.3 5.3 apache 9y ago Apache OpenMeetings responds to insecure HTTP methods
CVE-2017-7663 medium 6.1 6.1 apache 9y ago Apache OpenMeetings Cross-site Scripting vulnerability
CVE-2017-7672 medium 5.9 5.9 apache 9y ago Apache Struts Improper Input Validation vulnerability
CVE-2017-7678 medium 6.1 6.1 apache 9y ago Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11
CVE-2015-3254 medium 6.5 6.5 apache 9y ago The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
CVE-2017-7677 medium 5.9 5.9 apache 9y ago Moderate severity vulnerability that affects org.apache.ranger:ranger
CVE-2016-8751 medium 4.8 4.8 apache 9y ago Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies
CVE-2016-8746 medium 5.9 5.9 apache 9y ago Apache Ranger policy engine incorrectly matches paths in certain conditions
CVE-2017-7665 medium 6.1 6.1 apache 9y ago Cross-site Scripting in Apache NiFi
CVE-2016-5004 medium 6.5 6.5 apache 9y ago ws-xmlrpc DoS Vulnerability
CVE-2017-5646 medium 6.8 6.8 apache 9y ago Apache Knox allows impersonation of users
CVE-2015-5241 medium 6.1 6.1 apache 9y ago Moderate severity vulnerability that affects org.apache.juddi:juddi-client
CVE-2017-5655 medium 6.5 6.5 apache 9y ago In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the ho…
CVE-2016-4467 medium 5.9 5.9 FIX debian debian apache 9y ago The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name …
CVE-2017-3161 medium 6.1 6.1 apache 9y ago Improper Neutralization of Input During Web Page Generation in Apache Hadoop
CVE-2017-5653 medium 5.3 5.3 apache 9y ago Improper Certificate Validation in Apache CXF
CVE-2016-6805 medium 5.9 5.9 apache 9y ago Moderate severity vulnerability that affects org.apache.ignite:ignite-core
CVE-2016-4976 medium 5.5 5.5 apache 9y ago Apache Ambari reveals administrator passwords
CVE-2017-5644 medium 5.5 5.5 FIX debian debian apache 9y ago Improper Restriction of Recursive Entity References in DTDs in Apache POI
CVE-2014-0229 medium 6.5 6.5 clouderaapache 9y ago Improper Authentication in Apache Hadoop
CVE-2016-1566 medium 5.4 5.4 apache 10y ago Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to i…
CVE-2015-3271 medium 5.3 5.3 FIX debian debian apache 10y ago Apache Tika Server exposes sensitive information
CVE-2016-5395 medium 4.8 4.8 apache 10y ago Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
CVE-2016-3089 medium 6.1 6.1 apache 10y ago Apache OpenMeetings Cross-site Scripting vulnerability
CVE-2016-0782 medium 5.4 5.4 FIX debian debian apache 10y ago Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
CVE-2016-5000 medium 5.5 5.5 debian debian apache 10y ago Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability
CVE-2016-5005 medium 4.8 4.8 apache 10y ago Apache Archiva vulnerable to Cross-site Scripting
CVE-2016-1546 medium 5.9 5.9 FIX debian debian apache 10y ago The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a …
CVE-2016-4465 medium 5.3 5.3 apache 10y ago Apache Struts vulnerable to possible DoS attack when using URLValidator
CVE-2016-3085 medium 6.5 6.5 apache 10y ago Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass auth…
CVE-2016-3093 medium 5.3 5.3 ognl_projectapache 10y ago Denial of service in Apache Struts
CVE-2016-3094 medium 5.9 5.9 apache 10y ago Improper Input Validation in org.apache.qpid:qpid-broker
CVE-2016-0731 medium 4.9 4.9 apache 10y ago The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.
CVE-2015-5208 medium 4.4 4.4 apache 10y ago Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.
CVE-2015-5207 medium 5.3 5.3 apache 10y ago Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.
CVE-2016-2168 medium 6.5 6.5 FIX slesdebian debian apache 10y ago The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service …
CVE-2016-2167 medium 6.8 6.8 FIX slesdebian debian apache 10y ago The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate …
CVE-2015-1776 medium 6.2 6.2 apache 10y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
CVE-2015-7520 medium 6.1 6.1 apache 10y ago Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow re…
CVE-2015-5347 medium 6.1 6.1 apache 10y ago Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.…
CVE-2016-4003 medium 6.1 6.1 sles apache 10y ago Cross-site Scripting in Apache Struts
CVE-2016-2162 medium 6.1 6.1 sles apache 10y ago Apache Struts XSS Vulnerability
CVE-2016-2166 medium 6.5 6.5 FIX fedora fedoradebian debian apache 10y ago Moderate severity vulnerability that affects org.apache.qpid:proton-j
CVE-2015-5167 medium 6.5 6.5 apache 10y ago Apache Ranger allows users to bypass intended access restrictions via the REST API
CVE-2015-3268 medium 6.1 6.1 apache 10y ago Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to …
CVE-2015-0265 medium 6.1 6.1 apache 10y ago Apache Ranger Cross-site Scripting vulnerability
CVE-2016-2163 medium 6.1 6.1 apache 10y ago Apache OpenMeetings Cross-site Scripting vulnerability
CVE-2016-0784 medium 6.5 7.5 EXP apache 10y ago Apache OpenMeetings Directory Traversal vulnerability
CVE-2016-0712 medium 6.1 6.1 apache 10y ago Cross-site Scripting in Apache Jetspeed
CVE-2016-0711 medium 6.1 6.1 apache 10y ago Apache Jetspeed vulnerable to Cross-site Scripting
CVE-2016-0734 medium 6.1 6.1 FIX debian debian apache 10y ago Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
CVE-2016-0763 medium 6.3 6.3 FIX debian debianubuntu ubuntu apache 10y ago The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLink…
CVE-2016-0706 medium 4.3 4.3 FIX slesdebian debianubuntu ubuntu apache 10y ago Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/Restrict…
CVE-2015-5345 medium 5.3 5.3 FIX slesdebian debianubuntu ubuntu apache 10y ago The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which a…
CVE-2015-5174 medium 4.3 4.3 slesdebian debianubuntu ubuntu apache 10y ago Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
CVE-2015-8797 medium 6.1 6.1 FIX debian debian apache 10y ago Improper Neutralization of Input During Web Page Generation in Apache Solr
CVE-2015-8796 medium 6.1 6.1 FIX debian debian apache 10y ago Apache Solr Cross-site scripting Vulnerability
CVE-2015-8795 medium 6.1 6.1 FIX debian debian apache 10y ago Improper Neutralization of Input During Web Page Generation in Apache Solr
CVE-2015-3251 medium 4.9 4.9 apache 11y ago Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API ca…
CVE-2015-5204 medium 4.3 apache 11y ago CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences …
CVE-2015-8320 medium 5.0 apache 11y ago Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value.
CVE-2015-5256 medium 4.3 apache 11y ago Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access…
CVE-2015-5253 medium 4.0 apache 11y ago Improper Access Control in Apache CXF
CVE-2015-5214 medium 6.8 FIX debian debianubuntu ubuntu libreofficeapache 11y ago LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary co…
CVE-2015-5213 medium 6.8 FIX debian debianubuntu ubuntu apachelibreoffice 11y ago Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbi…
CVE-2015-5212 medium 6.8 FIX debian debianubuntu ubuntu libreofficeapache 11y ago Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause…
CVE-2015-4551 medium 4.3 FIX debian debianubuntu ubuntu libreofficeapache 11y ago LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow …
CVE-2015-4928 medium 4.3 apacheibm 11y ago Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive infor…
CVE-2015-5210 medium 5.8 apache 11y ago Apache Ambari Open Redirect
CVE-2015-3270 medium 6.5 apache 11y ago Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.
CVE-2015-1775 medium 5.5 apache 11y ago Apache Ambari SSRF Vulnerability
CVE-2015-5262 medium 4.3 FIX slesdebian debianubuntu ubuntu apache 11y ago Denial of service vulnerability in org.apache.httpcomponents:httpclient
CVE-2015-6524 medium 5.0 FIX debian debianfedora fedora apache 11y ago Improper Input Validation in Apache ActiveMQ
CVE-2015-1830 medium 6.0 EXPFIX debian debian apache 11y ago Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ
CVE-2015-3187 medium 4.0 FIX debian debian apacheapple 11y ago The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive pa…
CVE-2015-3184 medium 5.0 FIX debian debian appleapache 11y ago mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read…
CVE-2015-3185 medium 4.3 FIX debian debianubuntu ubuntumacos macos apacheapple 11y ago The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather …
CVE-2015-3183 medium 5.0 FIX debian debian apache 11y ago The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a…
CVE-2015-0253 medium 5.0 FIX debian debianmacos macos apache 11y ago The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NUL…
CVE-2014-7810 medium 5.0 debian debian apache 11y ago Improper Access Control in Apache Tomcat
CVE-2015-0264 medium 5.0 apache 11y ago Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object
CVE-2015-0263 medium 5.0 apache 11y ago Apache Camel XML External Entity vulnerability
CVE-2015-2944 medium 4.3 apache 11y ago Improper Neutralization of Input During Web Page Generation in Apache Sling
CVE-2015-1833 medium 7.4 EXPFIX debian debian apache 11y ago Improper Input Validation in Apache Jackrabbit
CVE-2015-1774 medium 6.8 FIX debian debianubuntu ubuntu rhel apachelibreoffice 11y ago The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code vi…
CVE-2014-8111 medium 5.0 FIX slesdebian debian apache 11y ago Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified …
CVE-2015-0251 medium 4.0 FIX suse suse rheldebian debian apacheapple 11y ago The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.
CVE-2015-0248 medium 5.0 FIX slessuse suse rhel apacheapple 11y ago The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted …
CVE-2015-1773 medium 4.3 apache 11y ago Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaSc…
CVE-2015-0252 medium 6.0 EXPFIX slesfedora fedoradebian debian apache 11y ago internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
CVE-2015-0250 medium 6.4 FIX slesdebian debianubuntu ubuntu apacheredhat 11y ago Improper Input Validation in Apache Batik
CVE-2015-2091 medium 5.0 apache 11y ago The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof client…
CVE-2015-0228 medium 5.0 FIX debian debianubuntu ubuntususe suse apache 11y ago The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a…
CVE-2014-0227 medium 6.4 apache 12y ago Improper Input Validation in Apache Tomcat
CVE-2015-0227 medium 5.0 FIX debian debian apache 12y ago Improper Access Control in Apache WSS4J
CVE-2014-8110 medium 4.3 FIX debian debian apache 12y ago Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
CVE-2015-0223 medium 5.0 apache 12y ago Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.
CVE-2014-8152 medium 5.0 FIX debian debian apache 12y ago Improper Input Validation in Apache Santuario XML Security
CVE-2014-9593 medium 5.0 apache 12y ago Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.