VIR Vulnerability Intelligence Relay

Search

Found 573 results in 195ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2011-1783 medium 4.3 FIX macos macosdebian debianubuntu ubuntu apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to…
CVE-2011-1752 medium 5.0 FIX macos macosdebian debianubuntu ubuntu apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) …
CVE-2011-2329 medium 6.5 apache 15y ago The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers…
CVE-2011-1077 medium 4.3 apache 15y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1026 medium 6.8 apache 15y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
CVE-2011-1928 medium 4.3 FIX debian debian apache 15y ago The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infi…
CVE-2011-1582 medium 4.3 apache 15y ago Access restriction bypass in Apache Tomcat
CVE-2011-0419 medium 5.3 EXPFIX debian debianmacos macosfreebsd freebsd apache 15y ago Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in …
CVE-2011-2088 medium 5.0 apacheopensymphony 15y ago XWork in Apache Struts Reveals Sensitive Information
CVE-2011-2087 medium 4.3 apache 15y ago Apache Struts Multiple XSS Vulnerabilities
CVE-2011-1475 medium 5.0 apache 15y ago Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
CVE-2011-1183 medium 5.8 apache 15y ago Access controll bypass in Apache Tomcat
CVE-2011-1176 medium 4.3 FIX debian debian mpm-itk_projectapache 15y ago The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration section…
CVE-2011-1419 medium 5.8 apache 15y ago Apache Tomcat does not follow ServletSecurity annotations
CVE-2011-1088 medium 5.8 apache 15y ago Apache Tomcat allows remote attackers to bypass intended access restrictions
CVE-2011-0715 medium 4.3 FIX debian debian apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) …
CVE-2011-0013 medium 4.3 apache 16y ago Improper Neutralization of Input During Web Page Generation in Apache Tomcat
CVE-2011-0533 medium 4.3 apache 16y ago Apache Continuum and Archiva vulnerable to Cross-site Scripting
CVE-2011-0534 medium 5.0 apache 16y ago Apache Tomcat does not enforce the maxHttpHeaderSize limit
CVE-2010-3854 medium 4.3 apache 16y ago Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML…
CVE-2010-4643 critical 9.3 apache 16y ago Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a …
CVE-2010-4253 critical 9.3 ubuntu ubuntudebian debian apache 16y ago Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a …
CVE-2010-3689 medium 6.9 debian debianubuntu ubuntu apache 16y ago soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current…
CVE-2010-3454 critical 9.3 debian debianubuntu ubuntu apache 16y ago Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application cr…
CVE-2010-3453 critical 9.3 debian debianubuntu ubuntu apache 16y ago The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8…
CVE-2010-3452 critical 9.3 debian debianubuntu ubuntu apache 16y ago Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via…
CVE-2010-3451 critical 9.3 debian debianubuntu ubuntu apache 16y ago Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via…
CVE-2010-3450 critical 9.3 debian debianubuntu ubuntu apache 16y ago Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filte…
CVE-2010-4539 medium 6.8 FIX debian debian apache 16y ago The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (N…
CVE-2010-4408 medium 6.8 apache 16y ago Apache Archiva does not require entry of the administrator's password at the time of modifying a user account
CVE-2010-3449 medium 7.8 EXP jesse_mcconnellapache 16y ago Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum…
CVE-2010-4312 medium 6.4 apache 16y ago Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header
CVE-2010-4172 medium 5.3 EXP apache 16y ago Improper Neutralization of Input During Web Page Generation in Apache Tomcat
CVE-2010-4008 medium 4.3 FIX debian debiansuse susemacos macos googleapplexmlsoft 16y ago libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressi…
CVE-2010-3863 medium 6.0 EXPFIX debian debian apachejsecurity 16y ago Apache Shiro Path Traversal vulnerability
CVE-2010-2057 medium 5.0 apache 16y ago Improper Authentication in Apache MyFaces
CVE-2010-0219 critical 10.0 EXP apachesap 16y ago Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier …
CVE-2009-5006 medium 4.0 apache 16y ago The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and o…
CVE-2009-5005 medium 5.0 apache 16y ago The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daem…
CVE-2010-3083 medium 4.3 apache 16y ago sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon out…
CVE-2010-3315 medium 6.0 FIX debian debian apache 16y ago authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not prop…
CVE-2010-1623 medium 5.0 FIX debian debian apache 16y ago Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Ap…
CVE-2010-2953 medium 6.9 apache 16y ago Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current worki…
CVE-2010-2952 medium 4.3 FIX debian debian apache 16y ago Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, w…
CVE-2010-2234 medium 6.8 apache 16y ago Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation UR…
CVE-2010-2076 critical 9.8 9.8 apache 16y ago Improper Input Validation in Apache CXF
CVE-2010-1870 medium 6.0 EXP apache 16y ago Server side object manipulation in Apache Struts
CVE-2010-2791 medium 5.0 FIX debian debian apache 16y ago mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remo…
CVE-2009-2696 medium 4.3 rhel apache 16y ago Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Lin…
CVE-2010-1452 medium 5.0 FIX debian debian apache 16y ago The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
CVE-2010-2227 medium 7.4 EXP apache 16y ago Apache Tomcat does not properly handle an invalid Transfer-Encoding header
CVE-2010-2068 medium 5.0 FIX debian debian apache 16y ago mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, …
CVE-2010-0395 critical 9.3 fedora fedoraubuntu ubuntudebian debian apache 16y ago OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file…
CVE-2010-2103 medium 5.3 EXPFIX debian debian apache3comsap 16y ago Improper Neutralization of Input During Web Page Generation in Apache Axis2
CVE-2010-2086 medium 4.0 apache 16y ago Apache MyFaces Cross-site Scripting vulnerability
CVE-2010-1587 medium 6.0 EXP apache 16y ago Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
CVE-2010-1151 medium 6.8 apache 16y ago Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interactio…
CVE-2010-0432 medium 5.3 EXP apache 16y ago Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inje…
CVE-2010-1244 medium 6.8 apache 16y ago Cross-site request forgery in Apache ActiveMQ
CVE-2010-0009 medium 4.3 apache 16y ago Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
CVE-2010-0434 medium 4.3 FIX debian debianfedora fedora apache 17y ago The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumsta…
CVE-2010-0408 medium 5.0 FIX debian debian apache 17y ago The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body…
CVE-2010-0136 critical 9.3 ubuntu ubuntudebian debian apache 17y ago OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted…
CVE-2009-3302 critical 9.3 ubuntu ubuntudebian debian apache 17y ago filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table p…
CVE-2009-3301 critical 9.3 ubuntu ubuntudebian debian apache 17y ago Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafte…
CVE-2009-2950 critical 9.3 ubuntu ubuntudebian debian apache 17y ago Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service…
CVE-2009-2949 critical 9.3 ubuntu ubuntudebian debian apache 17y ago Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that…
CVE-2003-1580 medium 4.3 debian debian apache 17y ago The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which al…
CVE-2010-0010 medium 6.8 apache 17y ago Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of serv…
CVE-2009-2902 medium 4.3 apache 17y ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat
CVE-2009-2901 medium 4.3 apache 17y ago Improper Authentication in Apache Tomcat
CVE-2009-2693 medium 5.8 apache 17y ago Apache Tomcat Directory Traversal vulnerability
CVE-2009-3555 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntufedora fedora apachegnumozilla 17y ago The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9…