VIR Vulnerability Intelligence Relay

Search

Found 390 results in 79ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-0783 high 7.5 7.5 apache 10y ago The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging…
CVE-2016-0710 high 8.8 9.8 EXP apache 10y ago Apache Jetspeed vulnerable to SQL Injection
CVE-2016-0709 high 7.2 8.2 EXP apache 10y ago Path Traversal in Apache Jetspeed
CVE-2016-0714 high 8.8 8.8 FIX debian debianubuntu ubuntu apache 10y ago The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticat…
CVE-2015-5351 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu apache 10y ago The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, wh…
CVE-2015-5346 high 8.1 8.1 FIX slesdebian debianubuntu ubuntu apache 10y ago Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the sam…
CVE-2016-0956 high 7.5 8.5 EXP macos macos linux-kernel apacheadobe 11y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
CVE-2015-3252 critical 9.8 9.8 apache 11y ago Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
CVE-2015-5344 critical 9.8 9.8 apache 11y ago Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands
CVE-2015-7521 high 8.3 8.3 apache 11y ago High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
CVE-2015-5259 high 8.6 8.6 FIX slesdebian debian apache 11y ago Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which …
CVE-2015-5254 critical 9.8 9.8 FIX debian debianfedora fedora redhatapache 11y ago Improper Input Validation in Apache ActiveMQ
CVE-2015-7430 high 8.4 8.4 apache 11y ago The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecif…
CVE-2015-1836 high 7.3 7.3 ibmapache 11y ago High severity vulnerability that affects org.apache.hbase:hbase
CVE-2015-1772 high 7.3 7.3 ibmapache 11y ago Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
CVE-2014-3612 high 7.5 FIX debian debian apache 11y ago Improper Authentication in Apache WSS4J
CVE-2014-1972 high 7.8 apache 11y ago Apache Tapestry Unsafe Object Storage
CVE-2014-3576 high 7.5 7.5 FIX debian debian apacheoracle 11y ago Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ
CVE-2015-3253 critical 9.8 9.8 FIX debian debian apacheoracle 11y ago Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
CVE-2015-1831 high 7.5 apache 11y ago Incomplete exclude pattern in Apache Struts
CVE-2014-0230 high 7.8 apacheoracle 11y ago Uncontrolled Resource Consumption in Apache Tomcat
CVE-2015-0202 high 7.8 FIX suse susedebian debian apache 11y ago The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal …
CVE-2015-0225 high 7.5 apache 11y ago Improper Neutralization of Special Elements used in a Command in Apache Cassandra
CVE-2015-0254 high 7.5 slesubuntu ubuntu apache 11y ago XXE in Apache Standard Taglibs
CVE-2014-0074 high 7.5 FIX debian debian apache 12y ago Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
CVE-2014-3524 critical 9.3 apachelibreoffice 12y ago Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
CVE-2014-3525 critical 10.0 FIX debian debian apache 12y ago Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.
CVE-2014-0114 high 8.5 EXPFIX debian debian apache 12y ago Arbitrary code execution in Apache Commons BeanUtils
CVE-2014-0113 high 8.5 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0112 high 8.5 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0107 high 7.5 FIX debian debian apacheoracle 12y ago Improper Authorization in Apache Xalan-Java
CVE-2014-0050 high 8.5 EXPFIX debian debian apacheoracle 12y ago Commons FileUpload Denial of service vulnerability
CVE-2014-0003 high 7.5 apache 12y ago Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
CVE-2014-0002 high 7.5 apache 12y ago Apache Camel's XSLT component allows remote attackers to read arbitrary files
CVE-2014-1884 high 7.5 apacheadobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-reso…
CVE-2014-1882 high 7.5 adobeapache 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that …
CVE-2014-1881 high 7.5 apacheadobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that …
CVE-2012-6637 high 7.5 apacheadobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanis…
CVE-2013-2185 high 7.5 apacheredhat 13y ago Deserialization of Untrusted Data in Apache Tomcat
CVE-2012-6612 high 7.5 FIX debian debian apache 13y ago Improper Restriction of XML External Entity Reference in Apache Solr
CVE-2013-4365 high 7.5 FIX debian debiansuse suse apachesuse 13y ago Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified im…
CVE-2013-5697 high 8.5 EXP simone_telliniapache 13y ago SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
CVE-2013-4316 critical 10.0 apacheoracle 13y ago Code injection in Apache Struts
CVE-2013-2210 high 7.5 FIX debian debian apache 13y ago Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial…
CVE-2013-2156 high 7.5 FIX debian debian apache 13y ago Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote a…
CVE-2013-2154 high 7.5 FIX debian debian apache 13y ago Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-depend…
CVE-2013-2250 critical 10.0 apache 13y ago Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) function…
CVE-2013-2112 high 7.8 FIX ubuntu ubuntususe susedebian debian apachecollabnet 13y ago The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
CVE-2013-2088 high 8.1 EXPFIX suse susedebian debian apachecollabnet 13y ago contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
CVE-2013-2249 high 7.5 FIX debian debian apache 13y ago mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new ses…
CVE-2013-4002 high 7.1 linux-kernelubuntu ubuntususe suse ibmoracleapache 13y ago Missing XML Validation in Apache Xerces2
CVE-2013-2135 critical 9.3 apache 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-2134 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-1777 critical 10.0 apacheibm 13y ago Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
CVE-2013-1768 high 7.5 FIX debian debian apache 13y ago Deserialization of Untrusted Data in Apache OpenJPA
CVE-2013-2115 high 8.1 9.1 EXP apache 13y ago Code injection in Apache Struts
CVE-2013-1966 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts
CVE-2013-1965 critical 9.3 apache 13y ago Improper Control of Generation of Code in Apache Struts
CVE-2012-2379 critical 10.0 apache 14y ago XML Signature/Encryption Not Validated in Apache CXF
CVE-2012-4501 critical 10.0 apachecitrix 14y ago Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
CVE-2012-3506 critical 10.0 apache 14y ago Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
CVE-2012-2665 high 7.5 FIX ubuntu ubuntudebian debian rhel apachelibreoffice 14y ago Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and po…
CVE-2012-3376 high 7.5 apache 14y ago Client BlockTokens not checked in Apache Hadoop
CVE-2012-2149 high 7.5 FIX debian debian rhel redhatapachelibwpd 14y ago The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted …
CVE-2012-1149 high 7.5 FIX rheldebian debianfedora fedora libreofficeapache 14y ago Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application c…
CVE-2011-3620 high 7.5 apache 14y ago Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster…
CVE-2012-0838 critical 10.0 apache 15y ago Apache Struts Code injection due to conversion error
CVE-2011-5034 high 8.8 EXP apache 15y ago Apache Geronimo Hash Collisions Cause DoS
CVE-2011-3190 high 7.5 apache 15y ago Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
CVE-2011-3192 high 8.8 EXPFIX debian debianubuntu ubuntususe suse apache 15y ago The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range head…
CVE-2011-2688 high 7.5 FIX debian debian mod_authnz_external_projectapache 15y ago SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the use…
CVE-2010-4643 critical 9.3 apache 16y ago Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a …
CVE-2010-4253 critical 9.3 ubuntu ubuntudebian debian apache 16y ago Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a …
CVE-2010-3454 critical 9.3 debian debianubuntu ubuntu apache 16y ago Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application cr…
CVE-2010-3453 critical 9.3 debian debianubuntu ubuntu apache 16y ago The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8…
CVE-2010-3452 critical 9.3 debian debianubuntu ubuntu apache 16y ago Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via…
CVE-2010-3451 critical 9.3 debian debianubuntu ubuntu apache 16y ago Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via…
CVE-2010-3450 critical 9.3 debian debianubuntu ubuntu apache 16y ago Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filte…
CVE-2010-4494 high 7.5 FIX debian debianmacos macossuse suse googlexmlsoftapple 16y ago Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have un…
CVE-2010-3872 high 7.5 7.5 FIX debian debian apache 16y ago A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() …
CVE-2010-0219 critical 10.0 EXP apachesap 16y ago Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier …
CVE-2010-2076 critical 9.8 9.8 apache 16y ago Improper Input Validation in Apache CXF
CVE-2010-1632 high 7.5 ibmapache 16y ago Improper Input Validation in Apache Axis2
CVE-2010-0395 critical 9.3 fedora fedoraubuntu ubuntudebian debian apache 16y ago OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file…
CVE-2010-0136 critical 9.3 ubuntu ubuntudebian debian apache 17y ago OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted…
CVE-2009-3302 critical 9.3 ubuntu ubuntudebian debian apache 17y ago filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table p…
CVE-2009-3301 critical 9.3 ubuntu ubuntudebian debian apache 17y ago Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafte…
CVE-2009-2950 critical 9.3 ubuntu ubuntudebian debian apache 17y ago Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service…
CVE-2009-2949 critical 9.3 ubuntu ubuntudebian debian apache 17y ago Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that…
CVE-2009-3555 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntufedora fedora apachegnumozilla 17y ago The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9…