VIR Vulnerability Intelligence Relay

Search

Found 428 results in 102ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2015-5349 high 7.8 7.8 FIX debian debian apache 10y ago Apache Directory Studio Command Injection
CVE-2016-0735 high 8.8 8.8 apache 10y ago Apache Ranger Access Restriction Bypass
CVE-2015-0266 high 7.1 7.1 apache 10y ago Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs
CVE-2016-2171 high 7.5 7.5 apache 10y ago The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the RES…
CVE-2016-2164 high 7.5 7.5 apache 10y ago Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file
CVE-2016-0783 high 7.5 7.5 apache 10y ago The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging…
CVE-2016-0710 high 8.8 9.8 EXP apache 10y ago Apache Jetspeed vulnerable to SQL Injection
CVE-2016-0709 high 7.2 8.2 EXP apache 10y ago Path Traversal in Apache Jetspeed
CVE-2016-0714 high 8.8 8.8 FIX debian debianubuntu ubuntu apache 10y ago The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticat…
CVE-2015-5351 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu apache 10y ago The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, wh…
CVE-2015-5346 high 8.1 8.1 FIX slesdebian debianubuntu ubuntu apache 10y ago Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the sam…
CVE-2016-0956 high 7.5 8.5 EXP macos macos linux-kernel apacheadobe 11y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
CVE-2015-3252 critical 9.8 9.8 apache 11y ago Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
CVE-2015-5344 critical 9.8 9.8 apache 11y ago Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands
CVE-2015-7521 high 8.3 8.3 apache 11y ago High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
CVE-2015-5259 high 8.6 8.6 FIX slesdebian debian apache 11y ago Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which …
CVE-2015-5254 critical 9.8 9.8 FIX debian debianfedora fedora redhatapache 11y ago Improper Input Validation in Apache ActiveMQ
CVE-2015-7430 high 8.4 8.4 apache 11y ago The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecif…
CVE-2015-1836 high 7.3 7.3 ibmapache 11y ago High severity vulnerability that affects org.apache.hbase:hbase
CVE-2015-1772 high 7.3 7.3 ibmapache 11y ago Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
CVE-2015-4940 low 2.1 apacheibm 11y ago Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information…
CVE-2015-3186 low 3.5 apache 11y ago Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration …
CVE-2014-3612 high 7.5 FIX debian debian apache 11y ago Improper Authentication in Apache WSS4J
CVE-2014-1972 high 7.8 apache 11y ago Apache Tapestry Unsafe Object Storage
CVE-2014-3576 high 7.5 7.5 FIX debian debian apacheoracle 11y ago Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ
CVE-2015-3253 critical 9.8 9.8 FIX debian debian apacheoracle 11y ago Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
CVE-2015-1831 high 7.5 apache 11y ago Incomplete exclude pattern in Apache Struts
CVE-2014-0230 high 7.8 apacheoracle 11y ago Uncontrolled Resource Consumption in Apache Tomcat
CVE-2015-0202 high 7.8 FIX suse susedebian debian apache 11y ago The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal …
CVE-2015-0225 high 7.5 apache 11y ago Improper Neutralization of Special Elements used in a Command in Apache Cassandra
CVE-2015-0254 high 7.5 slesubuntu ubuntu apache 11y ago XXE in Apache Standard Taglibs
CVE-2014-0228 low 3.5 apache 12y ago Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
CVE-2014-0074 high 7.5 FIX debian debian apache 12y ago Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
CVE-2014-3524 critical 9.3 apachelibreoffice 12y ago Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
CVE-2014-3525 critical 10.0 FIX debian debian apache 12y ago Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.
CVE-2013-7393 low 2.4 FIX debian debian apache 12y ago The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfil…
CVE-2013-4262 low 2.4 FIX debian debian apache 12y ago svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this i…
CVE-2014-0114 high 8.5 EXPFIX debian debian apache 12y ago Arbitrary code execution in Apache Commons BeanUtils
CVE-2014-0113 high 8.5 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0112 high 8.5 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0107 high 7.5 FIX debian debian apacheoracle 12y ago Improper Authorization in Apache Xalan-Java
CVE-2014-0050 high 8.5 EXPFIX debian debian apacheoracle 12y ago Commons FileUpload Denial of service vulnerability
CVE-2014-0003 high 7.5 apache 12y ago Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
CVE-2014-0002 high 7.5 apache 12y ago Apache Camel's XSLT component allows remote attackers to read arbitrary files
CVE-2014-1884 high 7.5 apacheadobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-reso…
CVE-2014-1882 high 7.5 adobeapache 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that …
CVE-2014-1881 high 7.5 apacheadobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that …
CVE-2012-6637 high 7.5 apacheadobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanis…
CVE-2013-0346 low 2.1 apache 13y ago Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor ha…
CVE-2013-0177 low 4.5 EXP apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x all…
CVE-2013-2192 low 3.2 apache 13y ago Improper Authentication in Apache Hadoop
CVE-2013-2185 high 7.5 apacheredhat 13y ago Deserialization of Untrusted Data in Apache Tomcat
CVE-2013-6398 low 2.8 apache 13y ago The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions v…
CVE-2013-6480 low 3.1 EXPFIX debian debian apache 13y ago Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
CVE-2012-6612 high 7.5 FIX debian debian apache 13y ago Improper Restriction of XML External Entity Reference in Apache Solr
CVE-2013-4558 low 3.5 FIX debian debian apache 13y ago The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversio…
CVE-2013-4505 low 2.6 FIX debian debian apache 13y ago The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a den…
CVE-2013-4365 high 7.5 FIX debian debiansuse suse apachesuse 13y ago Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified im…
CVE-2013-5697 high 8.5 EXP simone_telliniapache 13y ago SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
CVE-2013-4316 critical 10.0 apacheoracle 13y ago Code injection in Apache Struts
CVE-2013-4277 low 3.3 FIX debian debian apache 13y ago Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by th…
CVE-2013-2210 high 7.5 FIX debian debian apache 13y ago Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial…
CVE-2013-2156 high 7.5 FIX debian debian apache 13y ago Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote a…
CVE-2013-2154 high 7.5 FIX debian debian apache 13y ago Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-depend…
CVE-2013-2250 critical 10.0 apache 13y ago Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) function…
CVE-2013-2112 high 7.8 FIX ubuntu ubuntususe susedebian debian apachecollabnet 13y ago The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
CVE-2013-2088 high 8.1 EXPFIX suse susedebian debian apachecollabnet 13y ago contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
CVE-2013-2249 high 7.5 FIX debian debian apache 13y ago mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new ses…
CVE-2013-4002 high 7.1 linux-kernelubuntu ubuntususe suse ibmoracleapache 13y ago Missing XML Validation in Apache Xerces2
CVE-2013-2135 critical 9.3 apache 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-2134 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-1777 critical 10.0 apacheibm 13y ago Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
CVE-2013-1768 high 7.5 FIX debian debian apache 13y ago Deserialization of Untrusted Data in Apache OpenJPA
CVE-2013-2115 high 8.1 9.1 EXP apache 13y ago Code injection in Apache Struts
CVE-2013-1966 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts
CVE-2013-1965 critical 9.3 apache 13y ago Improper Control of Generation of Code in Apache Struts
CVE-2013-2071 low 2.6 apache 13y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2013-0941 low 2.1 rsaapachemicrosoft 13y ago EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Win…
CVE-2013-1845 low 2.1 FIX suse susedebian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting…
CVE-2013-0248 low 3.3 FIX debian debian apache 13y ago Incorrect Default Permissions in Apache Commons FileUpload
CVE-2012-5616 low 1.5 apachecitrix 14y ago Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) t…
CVE-2012-2379 critical 10.0 apache 14y ago XML Signature/Encryption Not Validated in Apache CXF
CVE-2012-4534 low 2.6 apache 14y ago org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to…
CVE-2012-4501 critical 10.0 apachecitrix 14y ago Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
CVE-2012-3506 critical 10.0 apache 14y ago Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
CVE-2012-2687 low 2.6 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiVi…
CVE-2012-2665 high 7.5 FIX ubuntu ubuntudebian debian rhel apachelibreoffice 14y ago Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and po…
CVE-2012-3376 high 7.5 apache 14y ago Client BlockTokens not checked in Apache Hadoop
CVE-2012-2381 low 3.5 apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
CVE-2012-2149 high 7.5 FIX debian debian rhel redhatapachelibwpd 14y ago The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted …
CVE-2012-1149 high 7.5 FIX rheldebian debianfedora fedora libreofficeapache 14y ago Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application c…
CVE-2011-3620 high 7.5 apache 14y ago Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster…
CVE-2012-0838 critical 10.0 apache 15y ago Apache Struts Code injection due to conversion error
CVE-2012-0021 low 2.6 FIX debian debian apache 15y ago The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, w…
CVE-2011-5034 high 8.8 EXP apache 15y ago Apache Geronimo Hash Collisions Cause DoS
CVE-2011-4415 low 2.2 EXPFIX debian debian apache 15y ago The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of envi…
CVE-2000-1247 low 2.1 apache 15y ago The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensiti…
CVE-2011-3190 high 7.5 apache 15y ago Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
CVE-2011-3192 high 8.8 EXPFIX debian debianubuntu ubuntususe suse apache 15y ago The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range head…
CVE-2011-2712 low 2.6 apache 15y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspe…