Found 261 results in 91ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-0735 high 8.8 8.8 apache 10y ago Apache Ranger Access Restriction Bypass
CVE-2015-0266 high 7.1 7.1 apache 10y ago Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs
CVE-2016-2171 high 7.5 7.5 apache 10y ago The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the RES…
CVE-2016-2164 high 7.5 7.5 apache 10y ago Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file
CVE-2016-0783 high 7.5 7.5 apache 10y ago The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging…
CVE-2016-0710 high 8.8 9.8 EXP apache 10y ago Apache Jetspeed vulnerable to SQL Injection
CVE-2016-0709 high 7.2 8.2 EXP apache 10y ago Path Traversal in Apache Jetspeed
CVE-2016-0714 high 8.8 8.8 FIX debian, ubuntu apache 10y ago The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticat…
CVE-2015-5351 high 8.8 8.8 FIX sles, debian, ubuntu apache 10y ago The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, wh…
CVE-2015-5346 high 8.1 8.1 FIX sles, debian, ubuntu apache 10y ago Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the sam…
CVE-2016-0956 high 7.5 8.5 EXP macos, linux-kernel apache, adobe 11y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
CVE-2015-7521 high 8.3 8.3 apache 11y ago High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
CVE-2015-5259 high 8.6 8.6 FIX sles, debian apache 11y ago Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which …
CVE-2015-7430 high 8.4 8.4 apache 11y ago The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecif…
CVE-2015-1836 high 7.3 7.3 ibm, apache 11y ago High severity vulnerability that affects org.apache.hbase:hbase
CVE-2015-1772 high 7.3 7.3 ibm, apache 11y ago Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
CVE-2014-3612 high 7.5 FIX debian apache 11y ago Improper Authentication in Apache WSS4J
CVE-2014-1972 high 7.8 apache 11y ago Apache Tapestry Unsafe Object Storage
CVE-2014-3576 high 7.5 7.5 FIX debian apache, oracle 11y ago Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ
CVE-2015-1831 high 7.5 apache 11y ago Incomplete exclude pattern in Apache Struts
CVE-2014-0230 high 7.8 apache, oracle 11y ago Uncontrolled Resource Consumption in Apache Tomcat
CVE-2015-0202 high 7.8 FIX suse, debian apache 11y ago The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal …
CVE-2015-0225 high 7.5 apache 11y ago Improper Neutralization of Special Elements used in a Command in Apache Cassandra
CVE-2015-0254 high 7.5 sles, ubuntu apache 11y ago XXE in Apache Standard Taglibs
CVE-2014-0074 high 7.5 FIX debian apache 12y ago Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
CVE-2014-0114 high 8.5 EXP FIX debian apache 12y ago Arbitrary code execution in Apache Commons BeanUtils
CVE-2014-0113 high 8.5 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0112 high 8.5 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0107 high 7.5 FIX debian apache, oracle 12y ago Improper Authorization in Apache Xalan-Java
CVE-2014-0050 high 8.5 EXP FIX debian apache, oracle 12y ago Commons FileUpload Denial of service vulnerability
CVE-2014-0003 high 7.5 apache 12y ago Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
CVE-2014-0002 high 7.5 apache 12y ago Apache Camel's XSLT component allows remote attackers to read arbitrary files
CVE-2014-1884 high 7.5 apache, adobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-reso…
CVE-2014-1882 high 7.5 adobe, apache 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that …
CVE-2014-1881 high 7.5 apache, adobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that …
CVE-2012-6637 high 7.5 apache, adobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanis…
CVE-2013-2185 high 7.5 apache, redhat 13y ago Deserialization of Untrusted Data in Apache Tomcat
CVE-2012-6612 high 7.5 FIX debian apache 13y ago Improper Restriction of XML External Entity Reference in Apache Solr
CVE-2013-4365 high 7.5 FIX debian, suse apache, suse 13y ago Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified im…
CVE-2013-5697 high 8.5 EXP simone_tellini, apache 13y ago SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
CVE-2013-2210 high 7.5 FIX debian apache 13y ago Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial…
CVE-2013-2156 high 7.5 FIX debian apache 13y ago Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote a…
CVE-2013-2154 high 7.5 FIX debian apache 13y ago Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-depend…
CVE-2013-2112 high 7.8 FIX ubuntu, suse, debian apache, collabnet 13y ago The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
CVE-2013-2088 high 8.1 EXP FIX suse, debian apache, collabnet 13y ago contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
CVE-2013-2249 high 7.5 FIX debian apache 13y ago mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new ses…
CVE-2013-4002 high 7.1 linux-kernel, ubuntu, suse ibm, oracle, apache 13y ago Missing XML Validation in Apache Xerces2
CVE-2013-1768 high 7.5 FIX debian apache 13y ago Deserialization of Untrusted Data in Apache OpenJPA
CVE-2013-2115 high 8.1 9.1 EXP apache 13y ago Code injection in Apache Struts
CVE-2012-2665 high 7.5 FIX ubuntu, debian, rhel apache, libreoffice 14y ago Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and po…
CVE-2012-3376 high 7.5 apache 14y ago Client BlockTokens not checked in Apache Hadoop
CVE-2012-2149 high 7.5 FIX debian, rhel redhat, apache, libwpd 14y ago The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted …
CVE-2012-1149 high 7.5 FIX rhel, debian, fedora libreoffice, apache 14y ago Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application c…
CVE-2011-3620 high 7.5 apache 14y ago Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster…
CVE-2011-5034 high 8.8 EXP apache 15y ago Apache Geronimo Hash Collisions Cause DoS
CVE-2011-3190 high 7.5 apache 15y ago Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
CVE-2011-3192 high 8.8 EXP FIX debian, ubuntu, suse apache 15y ago The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range head…
CVE-2011-2688 high 7.5 FIX debian mod_authnz_external_project, apache 15y ago SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the use…
CVE-2010-4494 high 7.5 FIX debian, macos, suse google, xmlsoft, apple 16y ago Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have un…
CVE-2010-3872 high 7.5 7.5 FIX debian apache 16y ago A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() …
CVE-2010-1632 high 7.5 ibmapache 16y ago Improper Input Validation in Apache Axis2