CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2013-1879 medium 4.3 FIX debian debian apache 13y ago Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
CVE-2013-2135 critical 9.3 apache 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-2134 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-2765 medium 6.0 EXPFIX debian debiansuse suse trustwaveapache 13y ago The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request …
CVE-2013-1777 critical 10.0 apacheibm 13y ago Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
CVE-2013-1896 medium 4.3 FIX debian debian rhelubuntu ubuntu apacheredhat 13y ago mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a M…
CVE-2013-1966 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts
CVE-2013-1965 critical 9.3 apache 13y ago Improper Control of Generation of Code in Apache Struts
CVE-2013-1862 medium 5.1 FIX debian debiansuse suse rhel apacheredhatoracle 13y ago mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to exec…
CVE-2013-2067 medium 6.8 apache 13y ago Improper Authentication in Apache Tomcat
CVE-2012-3544 medium 5.0 sles apache 13y ago Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
CVE-2013-0942 medium 4.3 emcmicrosoftapache 13y ago Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers t…
CVE-2013-1884 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an inval…
CVE-2013-1849 medium 4.3 FIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a P…
CVE-2013-1847 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an …
CVE-2013-1846 medium 4.0 FIX suse susedebian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash…
CVE-2013-3060 medium 6.4 FIX debian debian apache 13y ago Improper Authentication in Apache ActiveMQ
CVE-2012-6551 medium 5.0 FIX debian debian apache 13y ago Apache ActiveMQ default configuration subject to denial of service
CVE-2012-6092 medium 4.3 FIX debian debian apache 13y ago Cross-site Scripting in Apache ActiveMQ
CVE-2013-0253 medium 5.8 apache 13y ago The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
CVE-2012-4460 medium 5.0 apache 13y ago The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via …
CVE-2012-4459 medium 5.0 apache 13y ago Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which trigge…
CVE-2012-4458 medium 5.0 apache 13y ago The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the clien…
CVE-2012-4446 medium 6.8 apache 13y ago Improper Authentication in Apache Qpid
CVE-2013-1814 medium 5.0 EXP apache 13y ago Apache Rave information disclosure vulnerability
CVE-2013-0239 medium 5.0 apache 13y ago Improper Authentication in Apache CXF
CVE-2012-5633 medium 5.8 apache 13y ago Improper Authentication in Apache CXF
CVE-2012-4558 medium 4.3 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x …
CVE-2012-3499 medium 4.3 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors …
CVE-2012-2378 medium 4.3 apache 14y ago Improper Authentication in Apache CXF
CVE-2012-2379 critical 10.0 apache 14y ago XML Signature/Encryption Not Validated in Apache CXF
CVE-2012-4431 medium 4.3 apache 14y ago Cross-Site Request Forgery in Apache Tomcat
CVE-2012-3546 medium 4.3 apache 14y ago Authentication Bypass in Apache Tomcat
CVE-2012-5568 medium 5.0 suse suse apache 14y ago Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
CVE-2012-4557 medium 5.0 FIX debian debian apache 14y ago The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to ca…
CVE-2012-5886 medium 5.0 apache 14y ago Improper Authentication in Apache Tomcat
CVE-2012-5885 medium 5.0 apache 14y ago Improper Access Control in Apache Tomcat
CVE-2012-2733 medium 5.0 apache 14y ago java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which …
CVE-2012-5786 medium 5.8 apache 14y ago The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the s…
CVE-2012-5785 medium 5.8 apache 14y ago Apache Axis2 has Improper Input Validation
CVE-2012-5784 medium 5.8 FIX slesdebian debian apachepaypal 14y ago Man-in-the-middle attack in Apache Axis
CVE-2012-5783 medium 5.8 FIX slesdebian debianubuntu ubuntu apache 14y ago Improper Certificate Validation in Apache Commons HttpClient
CVE-2012-3446 medium 5.9 5.9 FIX debian debian apache 14y ago Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o…
CVE-2012-4501 critical 10.0 apachecitrix 14y ago Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
CVE-2012-3506 critical 10.0 apache 14y ago Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
CVE-2012-5351 medium 6.4 apache 14y ago Improper Authentication in Apache Axis2
CVE-2012-4418 medium 5.8 apache 14y ago Apache Axis2 Vulnerable to XML Signature wrapping attack
CVE-2012-2145 medium 5.0 apache 14y ago Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of inc…
CVE-2012-3451 medium 4.3 apache 14y ago Remote web-service operation execution in Apache CXF
CVE-2012-3373 medium 4.3 apache 14y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequenc…
CVE-2012-4360 medium 4.3 googleapache 14y ago Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecif…
CVE-2012-4001 medium 5.0 googleapache 14y ago The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified …
CVE-2012-4387 medium 5.0 apache 14y ago Denial of service in Apache Struts
CVE-2012-4386 medium 6.8 apache 14y ago Cross-Site Request Forgery in Apache Struts
CVE-2012-3526 medium 5.0 FIX debian debian thomas_eibnerapache 14y ago The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For …
CVE-2012-3467 medium 5.0 apache 14y ago Apache QPID Allows Remote Authentication Bypass
CVE-2012-3502 medium 4.3 FIX debian debian apache 14y ago The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determi…
CVE-2012-0213 medium 5.0 apache 14y ago Denial of Service in Apache POI
CVE-2012-2138 medium 6.0 EXP apache 14y ago Apache Sling POST Servlets Denial of Service Vulnerability
CVE-2012-2098 medium 5.0 FIX debian debian apache 14y ago Uncontrolled Resource Consumption in Apache Commons Compress
CVE-2012-2380 medium 6.8 apache 14y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by levera…
CVE-2012-2334 medium 6.8 FIX debian debian apachelibreoffice 14y ago Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service…
CVE-2012-0037 medium 6.5 6.5 rhelfedora fedoradebian debian librdflibreofficeapache 14y ago Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read…
CVE-2012-0883 medium 6.9 FIX debian debiansuse suse apache 14y ago envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the …
CVE-2012-1574 medium 6.5 apachecloudera 14y ago Apache Hadoop allows impersonation of arbitrary cluster user accounts
CVE-2012-0256 medium 5.0 FIX debian debian apache 14y ago Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long …
CVE-2012-1089 medium 5.0 apache 14y ago Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wi…
CVE-2012-0047 medium 4.3 apache 14y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
CVE-2012-1181 medium 5.0 FIX debian debian apache 14y ago fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to…
CVE-2012-0838 critical 10.0 apache 15y ago Apache Struts Code injection due to conversion error
CVE-2012-0840 medium 6.0 EXPFIX debian debian apache 15y ago tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependen…
CVE-2012-1007 medium 5.3 EXP apache 15y ago Withdrawn Advisory: Apache Struts XSS
CVE-2012-1006 medium 5.3 EXP apache 15y ago Apache Struts Multiple Cross-site Scripting Vulnerabilities
CVE-2012-0053 medium 5.3 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to …
CVE-2012-0022 medium 5.0 apache 15y ago Denial of Service in Apache Tomcat
CVE-2011-3375 medium 5.0 apache 15y ago Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
CVE-2012-0031 medium 5.6 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a …
CVE-2011-5064 medium 4.3 apache 15y ago Use of Hard-coded Cryptographic Key in Apache Tomcat
CVE-2011-5063 medium 4.3 apache 15y ago Improper Authentication in Apache Tomcat
CVE-2011-5062 medium 5.0 apache 15y ago Improper Authentication in Apache Tomcat
CVE-2011-1184 medium 5.0 apache 15y ago Authentication Bypass in Apache Tomcat
CVE-2011-5057 medium 6.0 EXP apache 15y ago Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attacke…
CVE-2012-0394 medium 7.8 EXP apache 15y ago Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
CVE-2012-0393 medium 7.4 EXP apache 15y ago Apache Struts's ParameterInterceptor component does not prevent access to public constructors
CVE-2012-0392 medium 7.8 EXP apache 15y ago Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
CVE-2011-4858 medium 6.0 EXP apache 15y ago Improper Input Validation in Apache Tomcat
CVE-2011-4905 medium 5.0 FIX debian debian apache 15y ago Denial of Service in Apache ActiveMQ
CVE-2007-6750 medium 6.0 EXPFIX debian debian apache 15y ago The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtime…
CVE-2011-4317 medium 5.3 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use o…
CVE-2011-3639 medium 5.3 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2…
CVE-2011-3376 medium 4.4 apache 15y ago org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privi…
CVE-2011-3607 medium 5.4 EXPFIX debian debian apache 15y ago Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to ga…
CVE-2011-3368 medium 6.0 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch patte…
CVE-2011-3348 medium 4.3 FIX debian debian rhel apacheredhat 15y ago The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error s…
CVE-2010-4340 medium 4.3 FIX debian debian apache 15y ago libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM…
CVE-2011-2729 medium 5.0 FIX debian debian linux-kernel apache 15y ago native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on…
CVE-2011-2481 medium 4.6 apache 15y ago Apache Tomcat Allows Replacing of XML Parser
CVE-2011-2526 medium 4.4 apache 15y ago Improper Input Validation in Apache Tomcat
CVE-2011-2516 medium 5.0 FIX debian debian apacheshibboleth 15y ago Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of servic…
CVE-2011-1498 medium 4.3 FIX debian debian apache 15y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient