VIR Vulnerability Intelligence Relay

Search

Found 428 results in 213ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-6793 critical 9.1 9.1 apache 9y ago The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the pe…
CVE-2015-0249 high 7.2 7.2 apache 9y ago The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka…
CVE-2017-9789 high 7.5 7.5 FIX debian debianarch arch sles apache 9y ago When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
CVE-2017-9788 critical 9.1 9.1 FIX debian debianarch arch sles apachenetappredhat 9y ago In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assi…
CVE-2017-9787 high 7.5 7.5 sles apache 9y ago Spring AOP functionality (Struts) vulnerable to DoS attack
CVE-2017-5652 high 7.5 7.5 apache 9y ago During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in…
CVE-2017-5640 critical 9.8 9.8 apache 9y ago It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (…
CVE-2017-7670 high 7.5 7.5 apache 9y ago Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack
CVE-2017-7660 high 7.5 7.5 FIX debian debian apache 9y ago Apache Solr insecure inter-node communication
CVE-2017-7686 high 7.5 7.5 apache 9y ago Apache Ignite communicates to an external PHP server where sensitive information is sent
CVE-2017-7679 critical 9.8 9.8 FIX debian debianarch arch sles apache 9y ago In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
CVE-2017-7668 high 7.5 7.5 FIX debian debianarch arch rhel apachenetapporacle 9y ago The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously…
CVE-2017-3169 critical 9.8 9.8 FIX debian debianarch arch sles apache 9y ago In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
CVE-2017-3167 critical 9.8 9.8 FIX debian debianarch arch sles apachenetappredhat 9y ago In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being…
CVE-2017-7676 critical 9.8 9.8 apache 9y ago Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character
CVE-2017-7667 high 7.5 7.5 apache 9y ago Origin Validation Error in Apache NiFi
CVE-2015-5175 high 7.5 7.5 apache 9y ago Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks
CVE-2017-5664 high 7.5 7.5 FIX slesdebian debian apache 9y ago The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwa…
CVE-2017-7669 high 7.5 7.5 apache 9y ago Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation
CVE-2016-3083 high 7.5 7.5 apache 9y ago org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation
CVE-2017-6891 high 8.8 8.8 FIX arch arch slesdebian debian gnuapache 9y ago Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a spe…
CVE-2017-5657 high 8.0 8.0 apache 9y ago Apache Archiva vulnerable to Cross Site Request Forgery
CVE-2017-7662 high 8.8 8.8 apache 9y ago Cross-Site Request Forgery in Apache CXF Fediz
CVE-2017-7661 high 8.8 8.8 apache 9y ago Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2
CVE-2016-8741 high 7.5 7.5 apache 9y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java
CVE-2017-5654 high 7.5 7.5 apache 9y ago In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
CVE-2016-6799 high 7.5 7.5 apache 9y ago Information Exposure in cordova-android
CVE-2017-3162 high 7.3 7.3 apache 9y ago Improper Input Validation in Apache Hadoop
CVE-2017-5656 high 7.5 7.5 apache 9y ago Session Fixation in Apache CXF
CVE-2017-5662 high 7.3 7.3 FIX debian debian sles apache 9y ago Improper Restriction of XML External Entity Reference in Apache Batik
CVE-2017-5661 high 7.3 7.3 FIX arch arch slesdebian debian apache 9y ago Improper Restriction of XML External Entity Reference in Apache FOP
CVE-2017-5645 critical 9.8 9.8 FIX debian debian sles rhel apachenetappredhat 9y ago Deserialization of Untrusted Data in Log4j
CVE-2017-5659 high 7.5 7.5 FIX debian debian apache 9y ago Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.
CVE-2016-5396 high 7.5 7.5 FIX debian debian apache 9y ago Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.
CVE-2017-5651 critical 9.8 9.8 FIX slesdebian debian apache 9y ago In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, …
CVE-2017-5650 high 7.5 7.5 FIX debian debian apache 9y ago In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting f…
CVE-2017-5648 critical 9.1 9.1 FIX slesdebian debian apache 9y ago While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use th…
CVE-2017-5647 high 7.5 7.5 FIX slesdebian debian apache 9y ago A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in…
CVE-2016-4970 high 7.5 7.5 FIX debian debian nettyredhatapache 9y ago Loop with Unreachable Exit Condition in Netty
CVE-2016-6808 critical 9.8 9.8 FIX debian debian apache 9y ago Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.
CVE-2016-0779 critical 9.8 9.8 apache 9y ago The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.
CVE-2016-6811 high 8.8 8.8 apache 9y ago Insecure Inherited Permissions in Apache Hadoop
CVE-2016-6809 critical 9.8 9.8 FIX debian debian apache 9y ago Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
CVE-2017-5649 high 7.5 7.5 apache 9y ago Apache Geode information disclosure vulnerability
CVE-2017-5642 critical 9.8 9.8 apache 9y ago During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.
CVE-2014-3582 critical 9.8 9.8 apache 9y ago In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.
CVE-2016-6807 critical 9.8 9.8 apache 9y ago Apache Ambari Improper Access Control
CVE-2016-8749 critical 9.8 9.8 apache 9y ago Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks
CVE-2016-9775 high 7.8 7.8 ubuntu ubuntudebian debian apache 9y ago The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 L…
CVE-2016-9774 high 7.8 7.8 ubuntu ubuntudebian debian apache 9y ago The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7…
CVE-2016-6816 high 7.1 8.1 EXPFIX slesdebian debian apache 9y ago The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could b…
CVE-2017-5643 high 7.4 7.4 apache 9y ago Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
CVE-2017-3159 critical 9.8 9.8 apache 9y ago Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization
CVE-2016-6497 high 7.5 7.5 apache 10y ago main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all searc…
CVE-2015-3188 critical 9.8 9.8 apache 10y ago Apache Storm remote code execution vulnerability
CVE-2016-8740 high 7.5 8.5 EXPFIX debian debian sles apache 10y ago The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to ca…
CVE-2016-5393 high 8.8 8.8 apache 10y ago Improper Access Control in Apache Hadoop
CVE-2016-1000031 critical 9.8 9.8 slesdebian debian apache 10y ago Improper Access Control in commons-fileupload
CVE-2016-6325 high 7.8 7.8 rhel apacheredhat 10y ago The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which all…
CVE-2016-5425 high 7.8 8.8 EXP rhel apacheoracle 10y ago The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows l…
CVE-2015-1832 critical 9.1 9.1 FIX debian debian apache 10y ago Improper Restriction of XML External Entity Reference in Apace Derby
CVE-2016-5019 critical 9.8 9.8 apache 10y ago Apache MyFaces Trinidad Deserialization Vulnerability
CVE-2016-4436 critical 9.8 9.8 apache 10y ago Apache Struts improper action name cleanup
CVE-2016-1240 high 7.8 8.8 EXP debian debianubuntu ubuntu apache 10y ago The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 …
CVE-2016-4978 high 7.2 7.2 rhel apacheredhat 10y ago Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain
CVE-2016-4464 critical 9.8 9.8 apache 10y ago High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2
CVE-2016-6801 high 8.8 8.8 FIX debian debian apache 10y ago Apache Jackrabbit Authentication Hijacking Vulnerability
CVE-2016-5017 high 8.1 8.1 FIX debian debian apache 10y ago Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command str…
CVE-2016-6802 high 7.5 7.5 FIX debian debian apache 10y ago Improper Access Control in Apache Shiro
CVE-2016-0760 high 8.8 8.8 apache 10y ago Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive built…
CVE-2016-1513 high 7.8 7.8 FIX debian debian apache 10y ago The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) …
CVE-2016-1238 high 7.8 7.8 FIX slesfedora fedorasuse suse perlapache 10y ago (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encod…
CVE-2016-4469 high 8.8 9.8 EXP apache 10y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repo…
CVE-2016-5388 high 8.1 8.1 FIX sles rheldebian debian hpapache 10y ago Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted cli…
CVE-2016-5387 high 8.1 8.1 FIX debian debian slesfedora fedora apachehporacle 10y ago The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, wh…
CVE-2016-4974 high 7.5 7.5 apache 10y ago Improper Input Validation in Apache Qpid AMQP 0-x JMS
CVE-2016-4463 high 7.5 7.5 FIX slesdebian debian apache 10y ago Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
CVE-2016-4979 high 7.5 7.5 FIX debian debian sles apache 10y ago The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allow…
CVE-2016-4438 critical 9.8 9.8 sles apache 10y ago Arbitrary code execution in Apache Struts 2
CVE-2016-4433 high 7.5 7.5 apache 10y ago Apache Struts Open Redirect
CVE-2016-4431 high 7.5 7.5 apache 10y ago Apache Struts Access Control Redirect
CVE-2016-4430 high 8.8 8.8 apache 10y ago Apache Struts CSRF Vulnerability
CVE-2016-3092 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu apachehp 10y ago The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, all…
CVE-2016-1182 high 8.2 8.2 sles apache 10y ago Improper Input Validation in Apache Struts
CVE-2016-1181 high 8.1 8.1 oracleapache 10y ago Improper Input Validation in Apache Struts
CVE-2015-0899 high 7.5 7.5 apache 10y ago Improper Input Validation in Apache Struts
CVE-2016-2174 high 7.2 7.2 apache 10y ago SQL injection vulnerability in the policy admin tool in Apache Ranger
CVE-2016-3087 critical 9.8 10.0 EXP apache 10y ago Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
CVE-2015-7611 high 8.1 9.1 EXP apache 10y ago Apache James Server OS Command Injection
CVE-2016-4432 critical 9.1 9.1 apache 10y ago AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication
CVE-2016-2175 high 7.8 7.8 FIX debian debian apache 10y ago High severity vulnerability that affects org.apache.pdfbox:pdfbox
CVE-2016-0707 low 3.3 3.3 apache 10y ago The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive infor…
CVE-2016-2099 critical 9.8 9.8 FIX suse susedebian debian apache 10y ago Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML d…
CVE-2016-3082 critical 9.8 9.8 apache 10y ago Remote Code Execution in Apache Struts
CVE-2016-3081 high 8.1 9.1 EXP sles apacheoracle 10y ago Apache Struts RCE Vulnerability
CVE-2015-5348 high 8.1 8.1 apache 10y ago Apache Camel can allow remote attackers to execute arbitrary commands
CVE-2015-5343 high 7.6 7.6 FIX debian debian apache 10y ago Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server cra…
CVE-2016-0785 high 8.8 8.8 sles apache 10y ago Apache Struts RCE Vulnerability
CVE-2016-2170 critical 9.8 9.8 apache 10y ago Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections l…
CVE-2016-0733 critical 9.8 9.8 apache 10y ago The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password