Found 743 results in 127ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-5395 medium 4.8 4.8 apache 10y ago Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
CVE-2016-6801 high 8.8 8.8 FIX debian debian apache 10y ago Apache Jackrabbit Authentication Hijacking Vulnerability
CVE-2016-5017 high 8.1 8.1 FIX debian debian apache 10y ago Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command str…
CVE-2016-6802 high 7.5 7.5 FIX debian debian apache 10y ago Improper Access Control in Apache Shiro
CVE-2016-3089 medium 6.1 6.1 apache 10y ago Apache OpenMeetings Cross-site Scripting vulnerability
CVE-2016-0760 high 8.8 8.8 apache 10y ago Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive built…
CVE-2016-0782 medium 5.4 5.4 FIX debian debian apache 10y ago Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
CVE-2016-5000 medium 5.5 5.5 debian debian apache 10y ago Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability
CVE-2016-1513 high 7.8 7.8 FIX debian debian apache 10y ago The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) …
CVE-2016-1238 high 7.8 7.8 FIX slesfedora fedorasuse suse perlapache 10y ago (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encod…
CVE-2016-5005 medium 4.8 4.8 apache 10y ago Apache Archiva vulnerable to Cross-site Scripting
CVE-2016-4469 high 8.8 9.8 EXP apache 10y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repo…
CVE-2016-5388 high 8.1 8.1 FIX sles rheldebian debian hpapache 10y ago Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted cli…
CVE-2016-5387 high 8.1 8.1 FIX debian debian slesfedora fedora apachehporacle 10y ago The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, wh…
CVE-2016-4974 high 7.5 7.5 apache 10y ago Improper Input Validation in Apache Qpid AMQP 0-x JMS
CVE-2016-4463 high 7.5 7.5 FIX slesdebian debian apache 10y ago Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
CVE-2016-4979 high 7.5 7.5 FIX debian debian sles apache 10y ago The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allow…
CVE-2016-1546 medium 5.9 5.9 FIX debian debian apache 10y ago The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a …
CVE-2016-4465 medium 5.3 5.3 apache 10y ago Apache Struts vulnerable to possible DoS attack when using URLValidator
CVE-2016-4433 high 7.5 7.5 apache 10y ago Apache Struts Open Redirect
CVE-2016-4431 high 7.5 7.5 apache 10y ago Apache Struts Access Control Redirect
CVE-2016-4430 high 8.8 8.8 apache 10y ago Apache Struts CSRF Vulnerability
CVE-2016-3092 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu apachehp 10y ago The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, all…
CVE-2016-1182 high 8.2 8.2 sles apache 10y ago Improper Input Validation in Apache Struts
CVE-2016-1181 high 8.1 8.1 oracleapache 10y ago Improper Input Validation in Apache Struts
CVE-2015-0899 high 7.5 7.5 apache 10y ago Improper Input Validation in Apache Struts
CVE-2016-2174 high 7.2 7.2 apache 10y ago SQL injection vulnerability in the policy admin tool in Apache Ranger
CVE-2016-3085 medium 6.5 6.5 apache 10y ago Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass auth…
CVE-2016-3093 medium 5.3 5.3 ognl_projectapache 10y ago Denial of service in Apache Struts
CVE-2015-7611 high 8.1 9.1 EXP apache 10y ago Apache James Server OS Command Injection
CVE-2016-3094 medium 5.9 5.9 apache 10y ago Improper Input Validation in org.apache.qpid:qpid-broker
CVE-2016-2175 high 7.8 7.8 FIX debian debian apache 10y ago High severity vulnerability that affects org.apache.pdfbox:pdfbox
CVE-2016-0731 medium 4.9 4.9 apache 10y ago The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.
CVE-2016-0707 low 3.3 3.3 apache 10y ago The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive infor…
CVE-2015-5208 medium 4.4 4.4 apache 10y ago Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.
CVE-2015-5207 medium 5.3 5.3 apache 10y ago Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.
CVE-2016-2168 medium 6.5 6.5 FIX slesdebian debian apache 10y ago The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service …
CVE-2016-2167 medium 6.8 6.8 FIX slesdebian debian apache 10y ago The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate …
CVE-2016-3081 high 8.1 9.1 EXP sles apacheoracle 10y ago Apache Struts RCE Vulnerability
CVE-2015-1776 medium 6.2 6.2 apache 10y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
CVE-2015-5348 high 8.1 8.1 apache 10y ago Apache Camel can allow remote attackers to execute arbitrary commands
CVE-2015-5343 high 7.6 7.6 FIX debian debian apache 10y ago Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server cra…
CVE-2015-7520 medium 6.1 6.1 apache 10y ago Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow re…
CVE-2015-5347 medium 6.1 6.1 apache 10y ago Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.…
CVE-2016-4003 medium 6.1 6.1 sles apache 10y ago Cross-site Scripting in Apache Struts
CVE-2016-2162 medium 6.1 6.1 sles apache 10y ago Apache Struts XSS Vulnerability
CVE-2016-0785 high 8.8 8.8 sles apache 10y ago Apache Struts RCE Vulnerability
CVE-2016-2166 medium 6.5 6.5 FIX fedora fedoradebian debian apache 10y ago Moderate severity vulnerability that affects org.apache.qpid:proton-j
CVE-2015-5167 medium 6.5 6.5 apache 10y ago Apache Ranger allows users to bypass intended access restrictions via the REST API
CVE-2015-3268 medium 6.1 6.1 apache 10y ago Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to …
CVE-2015-5349 high 7.8 7.8 FIX debian debian apache 10y ago Apache Directory Studio Command Injection
CVE-2016-0735 high 8.8 8.8 apache 10y ago Apache Ranger Access Restriction Bypass
CVE-2015-0266 high 7.1 7.1 apache 10y ago Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs
CVE-2015-0265 medium 6.1 6.1 apache 10y ago Apache Ranger Cross-site Scripting vulnerability
CVE-2016-2171 high 7.5 7.5 apache 10y ago The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the RES…
CVE-2016-2164 high 7.5 7.5 apache 10y ago Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file
CVE-2016-2163 medium 6.1 6.1 apache 10y ago Apache OpenMeetings Cross-site Scripting vulnerability
CVE-2016-0784 medium 6.5 7.5 EXP apache 10y ago Apache OpenMeetings Directory Traversal vulnerability
CVE-2016-0783 high 7.5 7.5 apache 10y ago The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging…
CVE-2016-0712 medium 6.1 6.1 apache 10y ago Cross-site Scripting in Apache Jetspeed
CVE-2016-0711 medium 6.1 6.1 apache 10y ago Apache Jetspeed vulnerable to Cross-site Scripting
CVE-2016-0710 high 8.8 9.8 EXP apache 10y ago Apache Jetspeed vulnerable to SQL Injection
CVE-2016-0709 high 7.2 8.2 EXP apache 10y ago Path Traversal in Apache Jetspeed
CVE-2016-0734 medium 6.1 6.1 FIX debian debian apache 10y ago Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
CVE-2016-0763 medium 6.3 6.3 FIX debian debianubuntu ubuntu apache 10y ago The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLink…
CVE-2016-0714 high 8.8 8.8 FIX debian debianubuntu ubuntu apache 10y ago The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticat…
CVE-2016-0706 medium 4.3 4.3 FIX slesdebian debianubuntu ubuntu apache 10y ago Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/Restrict…
CVE-2015-5351 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu apache 10y ago The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, wh…
CVE-2015-5346 high 8.1 8.1 FIX slesdebian debianubuntu ubuntu apache 10y ago Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the sam…
CVE-2015-5345 medium 5.3 5.3 FIX slesdebian debianubuntu ubuntu apache 10y ago The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which a…
CVE-2015-5174 medium 4.3 4.3 slesdebian debianubuntu ubuntu apache 10y ago Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
CVE-2015-8797 medium 6.1 6.1 FIX debian debian apache 10y ago Improper Neutralization of Input During Web Page Generation in Apache Solr
CVE-2015-8796 medium 6.1 6.1 FIX debian debian apache 10y ago Apache Solr Cross-site scripting Vulnerability
CVE-2015-8795 medium 6.1 6.1 FIX debian debian apache 10y ago Improper Neutralization of Input During Web Page Generation in Apache Solr
CVE-2016-0956 high 7.5 8.5 EXP macos macos linux-kernel apacheadobe 11y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
CVE-2015-3251 medium 4.9 4.9 apache 11y ago Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API ca…
CVE-2015-7521 high 8.3 8.3 apache 11y ago High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
CVE-2015-5259 high 8.6 8.6 FIX slesdebian debian apache 11y ago Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which …
CVE-2015-7430 high 8.4 8.4 apache 11y ago The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecif…
CVE-2015-1836 high 7.3 7.3 ibmapache 11y ago High severity vulnerability that affects org.apache.hbase:hbase
CVE-2015-1772 high 7.3 7.3 ibmapache 11y ago Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
CVE-2015-5204 medium 4.3 apache 11y ago CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences …
CVE-2015-8320 medium 5.0 apache 11y ago Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value.
CVE-2015-5256 medium 4.3 apache 11y ago Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access…
CVE-2015-5253 medium 4.0 apache 11y ago Improper Access Control in Apache CXF
CVE-2015-5214 medium 6.8 FIX debian debianubuntu ubuntu libreofficeapache 11y ago LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary co…
CVE-2015-5213 medium 6.8 FIX debian debianubuntu ubuntu apachelibreoffice 11y ago Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbi…
CVE-2015-5212 medium 6.8 FIX debian debianubuntu ubuntu libreofficeapache 11y ago Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause…
CVE-2015-4551 medium 4.3 FIX debian debianubuntu ubuntu libreofficeapache 11y ago LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow …
CVE-2015-4940 low 2.1 apacheibm 11y ago Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information…
CVE-2015-4928 medium 4.3 apacheibm 11y ago Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive infor…
CVE-2015-5210 medium 5.8 apache 11y ago Apache Ambari Open Redirect
CVE-2015-3270 medium 6.5 apache 11y ago Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.
CVE-2015-3186 low 3.5 apache 11y ago Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration …
CVE-2015-1775 medium 5.5 apache 11y ago Apache Ambari SSRF Vulnerability
CVE-2015-5262 medium 4.3 FIX slesdebian debianubuntu ubuntu apache 11y ago Denial of service vulnerability in org.apache.httpcomponents:httpclient
CVE-2015-6524 medium 5.0 FIX debian debianfedora fedora apache 11y ago Improper Input Validation in Apache ActiveMQ
CVE-2014-3612 high 7.5 FIX debian debian apache 11y ago Improper Authentication in Apache WSS4J
CVE-2014-1972 high 7.8 apache 11y ago Apache Tapestry Unsafe Object Storage
CVE-2015-1830 medium 6.0 EXPFIX debian debian apache 11y ago Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ