
Found 482 results in 91ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2015-0228 medium 5.0 FIX debian debianubuntu ubuntususe suse apache 11y ago The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a…
CVE-2014-0227 medium 6.4 apache 12y ago Improper Input Validation in Apache Tomcat
CVE-2015-0227 medium 5.0 FIX debian debian apache 12y ago Improper Access Control in Apache WSS4J
CVE-2014-8110 medium 4.3 FIX debian debian apache 12y ago Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
CVE-2015-0223 medium 5.0 apache 12y ago Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.
CVE-2014-8152 medium 5.0 FIX debian debian apache 12y ago Improper Input Validation in Apache Santuario XML Security
CVE-2014-9593 medium 5.0 apache 12y ago Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.
CVE-2014-10022 medium 5.0 FIX debian debian apache 12y ago Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing.
CVE-2014-9527 medium 5.0 FIX debian debianfedora fedora apache 12y ago Loop with Unreachable Exit Condition in Apache POI
CVE-2014-3628 medium 4.3 FIX debian debian apache 12y ago Improper Neutralization of Input During Web Page Generation in Apache Solr
CVE-2014-8109 medium 4.3 FIX debian debianfedora fedoraubuntu ubuntu apacheoracle 12y ago mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different ar…
CVE-2014-8108 medium 5.0 FIX rheldebian debian apacheapple 12y ago The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) v…
CVE-2014-3580 medium 5.0 FIX slesdebian debian rhel apacheapple 12y ago The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server cra…
CVE-2014-3583 medium 5.0 FIX debian debianubuntu ubuntumacos macos apache 12y ago The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon c…
CVE-2014-7809 medium 6.8 apache 12y ago Cross-Site Request Forgery in Apache Struts
CVE-2014-7807 medium 5.0 apache 12y ago Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.
CVE-2014-3627 medium 5.0 apache 12y ago Improper Link Resolution Before File Access in Apache Hadoop
CVE-2014-3629 medium 4.3 apache 12y ago XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.
CVE-2014-0228 low 3.5 apache 12y ago Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
CVE-2014-3502 medium 4.3 apache 12y ago Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.
CVE-2014-3501 medium 4.3 apache 12y ago Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
CVE-2014-3500 medium 6.4 apache 12y ago Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.
CVE-2014-3623 medium 5.0 apache 12y ago Improper Authentication in Apache WSS4J
CVE-2014-3584 medium 5.0 apache 12y ago Loop with Unreachable Exit Condition in Apache CXF
CVE-2014-3581 medium 5.0 FIX debian debianubuntu ubuntu rhel apacheoracle 12y ago The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer d…
CVE-2012-6107 medium 4.3 apache 12y ago Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack…
CVE-2013-4444 medium 6.8 sles apache 12y ago Apache Tomcat Unrestricted file upload vulnerability
CVE-2014-3574 medium 4.3 FIX debian debian apache 12y ago Improper Input Validation in Apache POI
CVE-2014-3529 medium 4.3 FIX debian debian apache 12y ago Improper Restriction of XML External Entity Reference in Apache POI
CVE-2012-6153 medium 4.3 FIX debian debian apache 12y ago Improper certificate validation in org.apache.httpcomponents:httpclient
CVE-2014-3596 medium 5.8 FIX slesdebian debian apache 12y ago Improper Validation of Certificates in apache axis
CVE-2014-3575 medium 4.3 sles rhel apachelibreoffice 12y ago The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
CVE-2014-0232 medium 4.3 apache 12y ago Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to…
CVE-2014-3577 medium 5.8 FIX slesarch archdebian debian apache 12y ago Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
CVE-2014-3528 medium 4.0 FIX suse suseubuntu ubuntu rhel apacheapple 12y ago Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers …
CVE-2014-3522 medium 4.0 FIX suse suseubuntu ubuntudebian debian apacheapple 12y ago The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certif…
CVE-2014-3504 medium 4.0 FIX ubuntu ubuntudebian debian apacheserf_project 12y ago The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in t…
CVE-2013-7393 low 2.4 FIX debian debian apache 12y ago The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfil…
CVE-2013-4262 low 2.4 FIX debian debian apache 12y ago svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this i…
CVE-2014-3523 medium 5.0 FIX debian debian apache 12y ago Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote…
CVE-2014-0231 medium 5.0 FIX debian debian apache 12y ago The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script …
CVE-2014-0226 medium 7.8 EXPFIX debian debian rhel apacheredhatoracle 12y ago Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credent…
CVE-2014-0118 medium 4.3 FIX debian debian rhel apacheredhat 12y ago The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denia…
CVE-2014-0117 medium 4.3 FIX debian debianmacos macos apache 12y ago The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Conn…
CVE-2013-4352 medium 4.3 FIX debian debian apache 12y ago The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a …
CVE-2014-3503 medium 5.0 apache 12y ago Apache Syncope uses a weak PRNG
CVE-2014-0035 medium 4.3 apacheredhat 12y ago Cleartext Transmission of Sensitive Information in Apache CXF
CVE-2014-0034 medium 4.3 apacheredhat 12y ago Improper Input Validation in Apache CXF
CVE-2012-1621 medium 4.3 apache 12y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a par…
CVE-2011-4367 medium 6.0 EXPFIX debian debian apache 12y ago Apache MyFaces Vulnerable to Path Traversal
CVE-2014-0119 medium 4.3 sles apache 12y ago Missing XML Validation in Apache Tomcat
CVE-2014-0099 medium 4.3 sles apache 12y ago Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat
CVE-2014-0096 medium 4.3 apache 12y ago Improper Input Validation in Apache Tomcat
CVE-2014-0095 medium 5.0 apache 12y ago Denial of service in Apache Tomcat
CVE-2014-0075 medium 5.0 apache 12y ago Integer Overflow or Wraparound in Apache Tomcat
CVE-2013-2193 medium 4.3 apache 12y ago Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive inf…
CVE-2013-2758 medium 5.0 apachecitrix 12y ago Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers…
CVE-2013-2756 medium 5.0 apachecitrix 12y ago Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging …
CVE-2012-5649 medium 6.8 apache 12y ago Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.
CVE-2014-0110 medium 4.3 apache 12y ago Uncontrolled Resource Consumption in Apache CXF
CVE-2014-0109 medium 4.3 apache 12y ago Uncontrolled Resource Consumption in Apache CXF
CVE-2014-0116 medium 5.8 apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2013-7372 medium 5.0 apache 12y ago The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache …
CVE-2013-2187 medium 4.3 apache 12y ago Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to…
CVE-2014-0111 medium 6.5 apache 12y ago Apache Syncope JEXL Code Injection
CVE-2013-5704 medium 5.0 FIX debian debian rhelmacos macos apacheredhatoracle 12y ago The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfe…
CVE-2014-2668 medium 6.0 EXP apache 12y ago Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
CVE-2012-5650 medium 4.3 apache 12y ago Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via …
CVE-2012-5641 medium 5.0 apachemochiweb_project 12y ago Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows …
CVE-2014-0098 medium 5.0 FIX debian debianubuntu ubuntu apacheoracle 12y ago The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon cra…
CVE-2013-6438 medium 5.0 FIX debian debianubuntu ubuntu apacheoracle 12y ago The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote atta…
CVE-2014-0094 medium 6.0 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0033 medium 4.3 apache 12y ago Improper Input Validation in Apache Tomcat
CVE-2013-4590 medium 4.3 debian debian apache 12y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2013-4322 medium 4.3 apache 12y ago Apache Tomcat Denial of Service vulnerability
CVE-2013-4286 medium 5.8 apache 12y ago Apache Tomcat is vulnerable to HTTP request-smuggling
CVE-2013-0346 low 2.1 apache 13y ago Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor ha…
CVE-2014-0032 medium 4.3 FIX debian debian apache 13y ago The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial …
CVE-2013-2055 medium 5.0 apache 13y ago Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templ…
CVE-2013-1880 medium 4.3 FIX debian debian apache 13y ago Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet
CVE-2013-0177 low 4.5 EXP apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x all…
CVE-2013-2192 low 3.2 apache 13y ago Improper Authentication in Apache Hadoop
CVE-2014-0031 medium 4.0 apache 13y ago The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLs for other users via a crafted request.
CVE-2013-6398 low 2.8 apache 13y ago The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions v…
CVE-2013-4517 medium 4.3 FIX debian debian apache 13y ago Improper Input Validation in Apache Santuario XML Security
CVE-2013-6480 low 3.1 EXPFIX debian debian apache 13y ago Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
CVE-2013-6408 medium 6.4 FIX debian debian apache 13y ago XML Injection in Apache Solr
CVE-2013-6407 medium 6.4 FIX debian debian apache 13y ago Apache Solr UpdateRequestHandler for XML resolves XML External Entities
CVE-2013-6397 medium 4.3 FIX debian debian apache 13y ago Improper Limitation of a Pathname to a Restricted Directory in Apache Solr
CVE-2013-4558 low 3.5 FIX debian debian apache 13y ago The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversio…
CVE-2013-4505 low 2.6 FIX debian debian apache 13y ago The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a den…
CVE-2013-4212 medium 7.8 EXP apache 13y ago Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated b…
CVE-2013-4171 medium 4.3 apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RS…
CVE-2013-6357 medium 7.8 EXP apache 13y ago Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that…
CVE-2013-6348 medium 4.3 apache 13y ago Apache Struts is vulnerable to Cross-site Scripting
CVE-2013-4390 medium 5.8 apache 13y ago Apache Sling Auth Core bundle vulnerable to Open Redirection
CVE-2013-4295 medium 6.0 EXP apache 13y ago Apache Shindig PHP Sensitive Information Disclosure
CVE-2013-2254 medium 5.0 apache 13y ago Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Sling
CVE-2013-4330 medium 6.8 apache 13y ago Improper Control of Generation of Code in Apache Camel
CVE-2013-4310 medium 5.8 apache 13y ago Apache Struts2 Broken Access Control Vulnerability