CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2014-3576 high 7.5 7.5 FIX debian apache, oracle 11y ago Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ
CVE-2015-3187 medium 4.0 FIX debian apache, apple 11y ago The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive pa…
CVE-2015-3184 medium 5.0 FIX debian apple, apache 11y ago mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read…
CVE-2015-3185 medium 4.3 FIX debian, ubuntu, macos apache, apple 11y ago The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather …
CVE-2015-3183 medium 5.0 FIX debian apache 11y ago The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a…
CVE-2015-0253 medium 5.0 FIX debian, macos apache 11y ago The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NUL…
CVE-2015-1831 high 7.5 apache 11y ago Incomplete exclude pattern in Apache Struts
CVE-2014-7810 medium 5.0 debian apache 11y ago Improper Access Control in Apache Tomcat
CVE-2014-0230 high 7.8 apache, oracle 11y ago Uncontrolled Resource Consumption in Apache Tomcat
CVE-2015-0264 medium 5.0 apache 11y ago Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object
CVE-2015-0263 medium 5.0 apache 11y ago Apache Camel XML External Entity vulnerability
CVE-2015-2944 medium 4.3 apache 11y ago Improper Neutralization of Input During Web Page Generation in Apache Sling
CVE-2015-1833 medium 7.4 EXP, FIX debian apache 11y ago Improper Input Validation in Apache Jackrabbit
CVE-2015-1774 medium 6.8 FIX debian, ubuntu, rhel apache, libreoffice 11y ago The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code vi…
CVE-2014-8111 medium 5.0 FIX sles, debian apache 11y ago Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified …
CVE-2015-0251 medium 4.0 FIX suse, rhel, debian apache, apple 11y ago The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.
CVE-2015-0248 medium 5.0 FIX sles, suse, rhel apache, apple 11y ago The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted …
CVE-2015-0202 high 7.8 FIX suse, debian apache 11y ago The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal …
CVE-2015-1773 medium 4.3 apache 11y ago Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaSc…
CVE-2015-0225 high 7.5 apache 11y ago Improper Neutralization of Special Elements used in a Command in Apache Cassandra
CVE-2015-0252 medium 6.0 EXP, FIX sles, fedora, debian apache 11y ago internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
CVE-2015-0250 medium 6.4 FIX sles, debian, ubuntu apache, redhat 11y ago Improper Input Validation in Apache Batik
CVE-2015-2091 medium 5.0 apache 11y ago The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof client…
CVE-2015-0254 high 7.5 sles, ubuntu apache 11y ago XXE in Apache Standard Taglibs
CVE-2015-0228 medium 5.0 FIX debian, ubuntu, suse apache 11y ago The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a…
CVE-2014-0227 medium 6.4 apache 12y ago Improper Input Validation in Apache Tomcat
CVE-2015-0227 medium 5.0 FIX debian apache 12y ago Improper Access Control in Apache WSS4J
CVE-2014-8110 medium 4.3 FIX debian apache 12y ago Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
CVE-2015-0223 medium 5.0 apache 12y ago Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.
CVE-2014-8152 medium 5.0 FIX debian apache 12y ago Improper Input Validation in Apache Santuario XML Security
CVE-2014-9593 medium 5.0 apache 12y ago Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.
CVE-2014-10022 medium 5.0 FIX debian apache 12y ago Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing.
CVE-2014-9527 medium 5.0 FIX debian, fedora apache 12y ago Loop with Unreachable Exit Condition in Apache POI
CVE-2014-3628 medium 4.3 FIX debian apache 12y ago Improper Neutralization of Input During Web Page Generation in Apache Solr
CVE-2014-8109 medium 4.3 FIX debian, fedora, ubuntu apache, oracle 12y ago mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different ar…
CVE-2014-8108 medium 5.0 FIX rhel, debian apache, apple 12y ago The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) v…
CVE-2014-3580 medium 5.0 FIX sles, debian, rhel apache, apple 12y ago The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server cra…
CVE-2014-3583 medium 5.0 FIX debian, ubuntu, macos apache 12y ago The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon c…
CVE-2014-7809 medium 6.8 apache 12y ago Cross-Site Request Forgery in Apache Struts
CVE-2014-7807 medium 5.0 apache 12y ago Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.
CVE-2014-3627 medium 5.0 apache 12y ago Improper Link Resolution Before File Access in Apache Hadoop
CVE-2014-3629 medium 4.3 apache 12y ago XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.
CVE-2014-0228 low 3.5 apache 12y ago Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
CVE-2014-3502 medium 4.3 apache 12y ago Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.
CVE-2014-3501 medium 4.3 apache 12y ago Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
CVE-2014-3500 medium 6.4 apache 12y ago Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.
CVE-2014-3623 medium 5.0 apache 12y ago Improper Authentication in Apache WSS4J
CVE-2014-3584 medium 5.0 apache 12y ago Loop with Unreachable Exit Condition in Apache CXF
CVE-2014-3581 medium 5.0 FIX debian, ubuntu, rhel apache, oracle 12y ago The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer d…
CVE-2014-0074 high 7.5 FIX debian apache 12y ago Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
CVE-2012-6107 medium 4.3 apache 12y ago Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack…
CVE-2013-4444 medium 6.8 sles apache 12y ago Apache Tomcat Unrestricted file upload vulnerability
CVE-2014-3574 medium 4.3 FIX debian apache 12y ago Improper Input Validation in Apache POI
CVE-2014-3529 medium 4.3 FIX debian apache 12y ago Improper Restriction of XML External Entity Reference in Apache POI
CVE-2012-6153 medium 4.3 FIX debian apache 12y ago Improper certificate validation in org.apache.httpcomponents:httpclient
CVE-2014-3596 medium 5.8 FIX sles, debian apache 12y ago Improper Validation of Certificates in apache axis
CVE-2014-3575 medium 4.3 sles, rhel apache, libreoffice 12y ago The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
CVE-2014-0232 medium 4.3 apache 12y ago Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to…
CVE-2014-3577 medium 5.8 FIX sles, arch, debian apache 12y ago Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
CVE-2014-3528 medium 4.0 FIX suse, ubuntu, rhel apache, apple 12y ago Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers …
CVE-2014-3522 medium 4.0 FIX suse, ubuntu, debian apache, apple 12y ago The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certif…
CVE-2014-3504 medium 4.0 FIX ubuntu, debian apache, serf_project 12y ago The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in t…
CVE-2013-7393 low 2.4 FIX debian apache 12y ago The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfil…
CVE-2013-4262 low 2.4 FIX debian apache 12y ago svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this i…
CVE-2014-3523 medium 5.0 FIX debian apache 12y ago Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote…
CVE-2014-0231 medium 5.0 FIX debian apache 12y ago The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script …
CVE-2014-0226 medium 7.8 EXP, FIX debian, rhel apache, redhat, oracle 12y ago Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credent…
CVE-2014-0118 medium 4.3 FIX debian, rhel apache, redhat 12y ago The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denia…
CVE-2014-0117 medium 4.3 FIX debian, macos apache 12y ago The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Conn…
CVE-2013-4352 medium 4.3 FIX debian apache 12y ago The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a …
CVE-2014-3503 medium 5.0 apache 12y ago Apache Syncope uses a weak PRNG
CVE-2014-0035 medium 4.3 apache, redhat 12y ago Cleartext Transmission of Sensitive Information in Apache CXF
CVE-2014-0034 medium 4.3 apache, redhat 12y ago Improper Input Validation in Apache CXF
CVE-2012-1621 medium 4.3 apache 12y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a par…
CVE-2011-4367 medium 6.0 EXP, FIX debian apache 12y ago Apache MyFaces Vulnerable to Path Traversal
CVE-2014-0119 medium 4.3 sles apache 12y ago Missing XML Validation in Apache Tomcat
CVE-2014-0099 medium 4.3 sles apache 12y ago Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat
CVE-2014-0096 medium 4.3 apache 12y ago Improper Input Validation in Apache Tomcat
CVE-2014-0095 medium 5.0 apache 12y ago Denial of service in Apache Tomcat
CVE-2014-0075 medium 5.0 apache 12y ago Integer Overflow or Wraparound in Apache Tomcat
CVE-2013-2193 medium 4.3 apache 12y ago Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive inf…
CVE-2013-2758 medium 5.0 apache, citrix 12y ago Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers…
CVE-2013-2756 medium 5.0 apache, citrix 12y ago Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging …
CVE-2012-5649 medium 6.8 apache 12y ago Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.
CVE-2014-0110 medium 4.3 apache 12y ago Uncontrolled Resource Consumption in Apache CXF
CVE-2014-0109 medium 4.3 apache 12y ago Uncontrolled Resource Consumption in Apache CXF
CVE-2014-0116 medium 5.8 apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0114 high 8.5 EXP, FIX debian apache 12y ago Arbitrary code execution in Apache Commons BeanUtils
CVE-2013-7372 medium 5.0 apache 12y ago The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache …
CVE-2014-0113 high 8.5 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0112 high 8.5 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2013-2187 medium 4.3 apache 12y ago Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to…
CVE-2014-0111 medium 6.5 apache 12y ago Apache Syncope JEXL Code Injection
CVE-2014-0107 high 7.5 FIX debian apache, oracle 12y ago Improper Authorization in Apache Xalan-Java
CVE-2013-5704 medium 5.0 FIX debian, rhel, macos apache, redhat, oracle 12y ago The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfe…
CVE-2014-0050 high 8.5 EXP, FIX debian apache, oracle 12y ago Commons FileUpload Denial of service vulnerability
CVE-2014-2668 medium 6.0 EXP apache 12y ago Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
CVE-2014-0003 high 7.5 apache 12y ago Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
CVE-2014-0002 high 7.5 apache 12y ago Apache Camel's XSLT component allows remote attackers to read arbitrary files
CVE-2012-5650 medium 4.3 apache 12y ago Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via …