Search

Found 743 results in 174ms · Match type: Filtered list

| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3154 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Apache Atlas produces a stack trace in error responses |
| CVE-2017-3153 | medium | 6.1 | 6.1 |  |  | apache | 9y ago | Cross-site Scripting in Apache Atlas |
| CVE-2017-3152 | medium | 6.1 | 6.1 |  |  | apache | 9y ago | Cross-site Scripting in Apache Atlas |
| CVE-2017-3151 | medium | 6.1 | 6.1 |  |  | apache | 9y ago | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. |
| CVE-2017-3150 | medium | 6.1 | 6.1 |  |  | apache | 9y ago | Insecure cookie storage in Apache Atlas |
| CVE-2016-8752 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Path Traversal in Apache Atlas |
| CVE-2015-5209 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Special top object can be used to access Struts' internals |
| CVE-2017-9802 | medium | 6.1 | 6.1 |  |  | apache | 9y ago | Improper Neutralization of Input During Web Page Generation in Apache Sling Servlets Post |
| CVE-2017-7675 | high | 7.5 | 7.5 | FIX | sles, debian | apache | 9y ago | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypa… |
| CVE-2017-7674 | medium | 4.3 | 4.3 | FIX | sles, debian | apache | 9y ago | The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Orig… |
| CVE-2016-6796 | high | 7.5 | 7.5 |  | sles, debian, rhel | apache, netapp, oracle | 9y ago | Apache Tomcat vulnerable to SecurityManager bypass |
| CVE-2016-8745 | high | 7.5 | 7.5 | FIX | sles, debian | apache | 9y ago | A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted… |
| CVE-2016-6817 | high | 7.5 | 7.5 | FIX | debian | apache | 9y ago | The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of s… |
| CVE-2016-6797 | high | 7.5 | 7.5 |  | sles, debian, rhel | apache, oracle, netapp | 9y ago | Incorrect Authorization in Apache Tomcat |
| CVE-2017-3156 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Covert Timing Channel in Apache CXF |
| CVE-2016-8739 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS |
| CVE-2016-6812 | medium | 6.1 | 6.1 |  |  | apache | 9y ago | Improper Neutralization of Input During Web Page Generation in Apache CXF |
| CVE-2016-6794 | medium | 5.3 | 5.3 |  | sles, debian, rhel | apache, redhat, netapp | 9y ago | System Property Disclosure in Apache Tomcat |
| CVE-2016-0762 | medium | 5.9 | 5.9 |  | sles, debian, rhel | apache, redhat, netapp | 9y ago | Observable Discrepancy in Apache Tomcat |
| CVE-2017-9799 | high | 8.8 | 8.8 |  | sles | apache | 9y ago | In Apache Storm, it is possible for the owner of a topology to trick the supervisor into launching a worker as a different, non-root user |
| CVE-2012-0880 | high | 7.5 | 7.5 |  | sles, debian | apache | 9y ago | Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions. |
| CVE-2011-4343 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Apache MyFaces vulnerable to EL Injection |
| CVE-2010-2245 | high | 7.4 | 7.4 |  |  | apache | 9y ago | XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document. |
| CVE-2017-9801 | high | 7.5 | 7.5 | FIX | debian | apache | 9y ago | Improper Input Validation in Apache Commons Email |
| CVE-2016-8743 | high | 7.5 | 7.5 | FIX | debian, sles, rhel | apache, netapp, redhat | 9y ago | Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors repres… |
| CVE-2016-2161 | high | 7.5 | 7.5 | FIX | debian, sles | apache | 9y ago | In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. |
| CVE-2016-0736 | high | 7.5 | 8.5 | EXP, FIX | sles, debian | apache | 9y ago | In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by defaul… |
| CVE-2017-7659 | high | 7.5 | 7.5 | FIX | debian, arch, sles | apache | 9y ago | A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. |
| CVE-2016-5394 | medium | 6.1 | 6.1 |  |  | apache | 9y ago | Cross-site scripting in Apache Sling |
| CVE-2017-7688 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Apache OpenMeetings updates user password in an insecure manner |
| CVE-2017-7685 | medium | 5.3 | 5.3 |  |  | apache | 9y ago | Apache OpenMeetings responds to insecure HTTP methods |
| CVE-2017-7684 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Apache OpenMeetings vulnerable to Uncontrolled Resource Consumption |
| CVE-2017-7683 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Apache OpenMeetings displays Tomcat version and detailed error stack trace |
| CVE-2017-7682 | high | 8.2 | 8.2 |  |  | apache | 9y ago | Apache OpenMeetings vulnerable to parameter manipulation attacks |
| CVE-2017-7681 | high | 8.8 | 8.8 |  |  | apache | 9y ago | Apache OpenMeetings vulnerable to SQL injection |
| CVE-2017-7680 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Apache OpenMeetings allows Flash content to be loaded from untrusted domains |
| CVE-2017-7666 | high | 8.8 | 8.8 |  |  | apache | 9y ago | Apache OpenMeetings vulnerable to Cross-Site Request Forgery |
| CVE-2017-7663 | medium | 6.1 | 6.1 |  |  | apache | 9y ago | Apache OpenMeetings Cross-site Scripting vulnerability |
| CVE-2015-0249 | high | 7.2 | 7.2 |  |  | apache | 9y ago | The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka… |
| CVE-2017-9789 | high | 7.5 | 7.5 | FIX | debian, arch, sles | apache | 9y ago | When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. |
| CVE-2017-9787 | high | 7.5 | 7.5 |  | sles | apache | 9y ago | Spring AOP functionality (Struts) vulnerable to DoS attack |
| CVE-2017-7672 | medium | 5.9 | 5.9 |  |  | apache | 9y ago | Apache Struts Improper Input Validation vulnerability |
| CVE-2017-7678 | medium | 6.1 | 6.1 |  |  | apache | 9y ago | Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 |
| CVE-2017-5652 | high | 7.5 | 7.5 |  |  | apache | 9y ago | During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in… |
| CVE-2017-7670 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack |
| CVE-2017-7660 | high | 7.5 | 7.5 | FIX | debian | apache | 9y ago | Apache Solr insecure inter-node communication |
| CVE-2017-7686 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Apache Ignite communicates with an external PHP server to which sensitive information is sent |
| CVE-2017-7668 | high | 7.5 | 7.5 | FIX | debian, arch, rhel | apache, netapp, oracle | 9y ago | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously… |
| CVE-2015-3254 | medium | 6.5 | 6.5 |  |  | apache | 9y ago | The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. |
| CVE-2017-7677 | medium | 5.9 | 5.9 |  |  | apache | 9y ago | Moderate severity vulnerability that affects org.apache.ranger:ranger |
| CVE-2016-8751 | medium | 4.8 | 4.8 |  |  | apache | 9y ago | Apache Ranger admin users can store arbitrary JavaScript code to be executed when normal users log in and access policies |
| CVE-2016-8746 | medium | 5.9 | 5.9 |  |  | apache | 9y ago | Apache Ranger policy engine incorrectly matches paths in certain conditions |
| CVE-2017-7667 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Origin Validation Error in Apache NiFi |
| CVE-2017-7665 | medium | 6.1 | 6.1 |  |  | apache | 9y ago | Cross-site Scripting in Apache NiFi |
| CVE-2015-5175 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks |
| CVE-2016-5004 | medium | 6.5 | 6.5 |  |  | apache | 9y ago | ws-xmlrpc DoS Vulnerability |
| CVE-2017-5664 | high | 7.5 | 7.5 | FIX | sles, debian | apache | 9y ago | The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwa… |
| CVE-2017-7669 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Apache Hadoop's LinuxContainerExecutor runs Docker commands as root with insufficient input validation |
| CVE-2016-3083 | high | 7.5 | 7.5 |  |  | apache | 9y ago | org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation |
| CVE-2017-5646 | medium | 6.8 | 6.8 |  |  | apache | 9y ago | Apache Knox allows impersonation of users |
| CVE-2017-6891 | high | 8.8 | 8.8 | FIX | arch, sles, debian | gnu, apache | 9y ago | Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stack-based buffer overflow by tricking a user into processing a spe… |
| CVE-2017-5657 | high | 8.0 | 8.0 |  |  | apache | 9y ago | Apache Archiva vulnerable to Cross Site Request Forgery |
| CVE-2015-5241 | medium | 6.1 | 6.1 |  |  | apache | 9y ago | Moderate severity vulnerability that affects org.apache.juddi:juddi-client |
| CVE-2017-7662 | high | 8.8 | 8.8 |  |  | apache | 9y ago | Cross-Site Request Forgery in Apache CXF Fediz |
| CVE-2017-7661 | high | 8.8 | 8.8 |  |  | apache | 9y ago | Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2 |
| CVE-2017-5655 | medium | 6.5 | 6.5 |  |  | apache | 9y ago | In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the ho… |
| CVE-2016-8741 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java |
| CVE-2017-5654 | high | 7.5 | 7.5 |  |  | apache | 9y ago | In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. |
| CVE-2016-6799 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Information Exposure in cordova-android |
| CVE-2016-4467 | medium | 5.9 | 5.9 | FIX | debian | apache | 9y ago | The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name … |
| CVE-2017-3162 | high | 7.3 | 7.3 |  |  | apache | 9y ago | Improper Input Validation in Apache Hadoop |
| CVE-2017-3161 | medium | 6.1 | 6.1 |  |  | apache | 9y ago | Improper Neutralization of Input During Web Page Generation in Apache Hadoop |
| CVE-2017-5656 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Session Fixation in Apache CXF |
| CVE-2017-5653 | medium | 5.3 | 5.3 |  |  | apache | 9y ago | Improper Certificate Validation in Apache CXF |
| CVE-2017-5662 | high | 7.3 | 7.3 | FIX | debian, sles | apache | 9y ago | Improper Restriction of XML External Entity Reference in Apache Batik |
| CVE-2017-5661 | high | 7.3 | 7.3 | FIX | arch, sles, debian | apache | 9y ago | Improper Restriction of XML External Entity Reference in Apache FOP |
| CVE-2017-5659 | high | 7.5 | 7.5 | FIX | debian | apache | 9y ago | Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. |
| CVE-2016-5396 | high | 7.5 | 7.5 | FIX | debian | apache | 9y ago | Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. |
| CVE-2017-5650 | high | 7.5 | 7.5 | FIX | debian | apache | 9y ago | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting f… |
| CVE-2017-5647 | high | 7.5 | 7.5 | FIX | sles, debian | apache | 9y ago | A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in… |
| CVE-2016-4970 | high | 7.5 | 7.5 | FIX | debian | netty, redhat, apache | 9y ago | Loop with Unreachable Exit Condition in Netty |
| CVE-2016-6811 | high | 8.8 | 8.8 |  |  | apache | 9y ago | Insecure Inherited Permissions in Apache Hadoop |
| CVE-2016-6805 | medium | 5.9 | 5.9 |  |  | apache | 9y ago | Moderate severity vulnerability that affects org.apache.ignite:ignite-core |
| CVE-2017-5649 | high | 7.5 | 7.5 |  |  | apache | 9y ago | Apache Geode information disclosure vulnerability |
| CVE-2016-4976 | medium | 5.5 | 5.5 |  |  | apache | 9y ago | Apache Ambari reveals administrator passwords |
| CVE-2017-5644 | medium | 5.5 | 5.5 | FIX | debian | apache | 9y ago | Improper Restriction of Recursive Entity References in DTDs in Apache POI |
| CVE-2014-0229 | medium | 6.5 | 6.5 |  |  | cloudera, apache | 9y ago | Improper Authentication in Apache Hadoop |
| CVE-2016-9775 | high | 7.8 | 7.8 |  | ubuntu, debian | apache | 9y ago | The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 L… |
| CVE-2016-9774 | high | 7.8 | 7.8 |  | ubuntu, debian | apache | 9y ago | The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7… |
| CVE-2016-6816 | high | 7.1 | 8.1 | EXP, FIX | sles, debian | apache | 9y ago | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could b… |
| CVE-2017-5643 | high | 7.4 | 7.4 |  |  | apache | 9y ago | Apache Camel's Validation Component is vulnerable to SSRF via remote DTDs and XXE. |
| CVE-2016-1566 | medium | 5.4 | 5.4 |  |  | apache | 10y ago | Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to i… |
| CVE-2016-6497 | high | 7.5 | 7.5 |  |  | apache | 10y ago | main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging the setting of returnObjFlag to true for all searc… |
| CVE-2015-3271 | medium | 5.3 | 5.3 | FIX | debian | apache | 10y ago | Apache Tika Server exposes sensitive information |
| CVE-2016-8740 | high | 7.5 | 8.5 | EXP, FIX | debian, sles | apache | 10y ago | The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to ca… |
| CVE-2016-5393 | high | 8.8 | 8.8 |  |  | apache | 10y ago | Improper Access Control in Apache Hadoop |
| CVE-2016-6325 | high | 7.8 | 7.8 |  | rhel | apache, redhat | 10y ago | The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which all… |
| CVE-2016-5425 | high | 7.8 | 8.8 | EXP | rhel | apache, oracle | 10y ago | The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows l… |
| CVE-2016-1240 | high | 7.8 | 8.8 | EXP | debian, ubuntu | apache | 10y ago | The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 … |
| CVE-2016-4978 | high | 7.2 | 7.2 |  | rhel | apache, redhat | 10y ago | Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain |