VIR Vulnerability Intelligence Relay

Search

Found 743 results in 122ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2012-5641 medium 5.0 apachemochiweb_project 12y ago Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows …
CVE-2014-0098 medium 5.0 FIX debian debianubuntu ubuntu apacheoracle 12y ago The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon cra…
CVE-2013-6438 medium 5.0 FIX debian debianubuntu ubuntu apacheoracle 12y ago The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote atta…
CVE-2014-0094 medium 6.0 EXP apache 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-1884 high 7.5 apacheadobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-reso…
CVE-2014-1882 high 7.5 adobeapache 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that …
CVE-2014-1881 high 7.5 apacheadobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that …
CVE-2012-6637 high 7.5 apacheadobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanis…
CVE-2014-0033 medium 4.3 apache 12y ago Improper Input Validation in Apache Tomcat
CVE-2013-4590 medium 4.3 debian debian apache 12y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2013-4322 medium 4.3 apache 12y ago Apache Tomcat Denial of Service vulnerability
CVE-2013-4286 medium 5.8 apache 12y ago Apache Tomcat is vulnerable to HTTP request-smuggling
CVE-2013-0346 low 2.1 apache 13y ago Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor ha…
CVE-2014-0032 medium 4.3 FIX debian debian apache 13y ago The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial …
CVE-2013-2055 medium 5.0 apache 13y ago Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templ…
CVE-2013-1880 medium 4.3 FIX debian debian apache 13y ago Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet
CVE-2013-0177 low 4.5 EXP apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x all…
CVE-2013-2192 low 3.2 apache 13y ago Improper Authentication in Apache Hadoop
CVE-2013-2185 high 7.5 apacheredhat 13y ago Deserialization of Untrusted Data in Apache Tomcat
CVE-2014-0031 medium 4.0 apache 13y ago The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.
CVE-2013-6398 low 2.8 apache 13y ago The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions v…
CVE-2013-4517 medium 4.3 FIX debian debian apache 13y ago Improper Input Validation in Apache Santuario XML Security
CVE-2013-6480 low 3.1 EXPFIX debian debian apache 13y ago Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
CVE-2012-6612 high 7.5 FIX debian debian apache 13y ago Improper Restriction of XML External Entity Reference in Apache Solr
CVE-2013-6408 medium 6.4 FIX debian debian apache 13y ago XML Injection in Apache Solr
CVE-2013-6407 medium 6.4 FIX debian debian apache 13y ago Apache Solr UpdateRequestHandler for XML resolves XML External Entities
CVE-2013-6397 medium 4.3 FIX debian debian apache 13y ago Improper Limitation of a Pathname to a Restricted Directory in Apache Solr
CVE-2013-4558 low 3.5 FIX debian debian apache 13y ago The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversio…
CVE-2013-4505 low 2.6 FIX debian debian apache 13y ago The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a den…
CVE-2013-4212 medium 7.8 EXP apache 13y ago Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated b…
CVE-2013-4171 medium 4.3 apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RS…
CVE-2013-6357 medium 7.8 EXP apache 13y ago Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that…
CVE-2013-6348 medium 4.3 apache 13y ago Apache Struts is vulnerable to Cross-site Scripting
CVE-2013-4390 medium 5.8 apache 13y ago Apache Sling Auth Core bundle vulnerable to Open Redirection
CVE-2013-4295 medium 6.0 EXP apache 13y ago Apache Shindig PHP Sensitive Information Disclosure
CVE-2013-4365 high 7.5 FIX debian debiansuse suse apachesuse 13y ago Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified im…
CVE-2013-2254 medium 5.0 apache 13y ago Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Sling
CVE-2013-4330 medium 6.8 apache 13y ago Improper Control of Generation of Code in Apache Camel
CVE-2013-5697 high 8.5 EXP simone_telliniapache 13y ago SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
CVE-2013-4310 medium 5.8 apache 13y ago Apache Struts2 Broken Access Control Vulnerability
CVE-2013-4277 low 3.3 FIX debian debian apache 13y ago Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by th…
CVE-2013-2210 high 7.5 FIX debian debian apache 13y ago Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial…
CVE-2013-2172 medium 4.3 FIX debian debian apache 13y ago Inefficient Algorithmic Complexity in Apache Santuario XML Security
CVE-2013-2156 high 7.5 FIX debian debian apache 13y ago Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote a…
CVE-2013-2155 medium 5.8 FIX debian debian apache 13y ago Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-021…
CVE-2013-2154 high 7.5 FIX debian debian apache 13y ago Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-depend…
CVE-2013-2153 medium 4.3 FIX debian debian apache 13y ago The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures…
CVE-2013-2160 medium 6.0 EXP apache 13y ago Missing XML Validation in Apache CXF
CVE-2013-2136 medium 4.3 apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizar…
CVE-2012-5575 medium 6.4 apacheredhat 13y ago Inadequate Encryption Strength in Apache CXF
CVE-2013-2137 medium 4.3 apache 13y ago Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and…
CVE-2013-4156 medium 6.8 FIX debian debian apache 13y ago Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document fi…
CVE-2013-4131 medium 4.0 FIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds…
CVE-2013-2189 medium 6.8 FIX debian debian apache 13y ago Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
CVE-2013-2112 high 7.8 FIX ubuntu ubuntususe susedebian debian apachecollabnet 13y ago The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
CVE-2013-2088 high 8.1 EXPFIX suse susedebian debian apachecollabnet 13y ago contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
CVE-2013-1968 medium 5.5 FIX ubuntu ubuntususe susedebian debian apachecollabnet 13y ago Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
CVE-2013-2249 high 7.5 FIX debian debian apache 13y ago mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new ses…
CVE-2013-4002 high 7.1 linux-kernelubuntu ubuntususe suse ibmoracleapache 13y ago Missing XML Validation in Apache Xerces2
CVE-2013-2248 medium 6.8 EXP apache 13y ago Open redirect in Apache Struts
CVE-2013-1879 medium 4.3 FIX debian debian apache 13y ago Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
CVE-2013-2765 medium 6.0 EXPFIX debian debiansuse suse trustwaveapache 13y ago The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request …
CVE-2013-1768 high 7.5 FIX debian debian apache 13y ago Deserialization of Untrusted Data in Apache OpenJPA
CVE-2013-1896 medium 4.3 FIX debian debian rhelubuntu ubuntu apacheredhat 13y ago mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a M…
CVE-2013-2115 high 8.1 9.1 EXP apache 13y ago Code injection in Apache Struts
CVE-2013-1862 medium 5.1 FIX debian debiansuse suse rhel apacheredhatoracle 13y ago mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to exec…
CVE-2013-2071 low 2.6 apache 13y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2013-2067 medium 6.8 apache 13y ago Improper Authentication in Apache Tomcat
CVE-2012-3544 medium 5.0 sles apache 13y ago Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
CVE-2013-0942 medium 4.3 emcmicrosoftapache 13y ago Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers t…
CVE-2013-0941 low 2.1 rsaapachemicrosoft 13y ago EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Win…
CVE-2013-1884 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an inval…
CVE-2013-1849 medium 4.3 FIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a P…
CVE-2013-1847 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an …
CVE-2013-1846 medium 4.0 FIX suse susedebian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash…
CVE-2013-1845 low 2.1 FIX suse susedebian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting…
CVE-2013-3060 medium 6.4 FIX debian debian apache 13y ago Improper Authentication in Apache ActiveMQ
CVE-2012-6551 medium 5.0 FIX debian debian apache 13y ago Apache ActiveMQ default configuration subject to denial of service
CVE-2012-6092 medium 4.3 FIX debian debian apache 13y ago Cross-site Scripting in Apache ActiveMQ
CVE-2013-0253 medium 5.8 apache 13y ago The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
CVE-2013-0248 low 3.3 FIX debian debian apache 13y ago Incorrect Default Permissions in Apache Commons FileUpload
CVE-2012-4460 medium 5.0 apache 13y ago The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via …
CVE-2012-4459 medium 5.0 apache 13y ago Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which trigge…
CVE-2012-4458 medium 5.0 apache 13y ago The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the clien…
CVE-2012-4446 medium 6.8 apache 13y ago Improper Authentication in Apache Qpid
CVE-2013-1814 medium 5.0 EXP apache 13y ago Apache Rave information disclosure vulnerability
CVE-2013-0239 medium 5.0 apache 13y ago Improper Authentication in Apache CXF
CVE-2012-5633 medium 5.8 apache 13y ago Improper Authentication in Apache CXF
CVE-2012-4558 medium 4.3 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x …
CVE-2012-3499 medium 4.3 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors …
CVE-2012-5616 low 1.5 apachecitrix 14y ago Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) t…
CVE-2012-2378 medium 4.3 apache 14y ago Improper Authentication in Apache CXF
CVE-2012-4534 low 2.6 apache 14y ago org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to…
CVE-2012-4431 medium 4.3 apache 14y ago Cross-Site Request Forgery in Apache Tomcat
CVE-2012-3546 medium 4.3 apache 14y ago Authentication Bypass in Apache Tomcat
CVE-2012-5568 medium 5.0 suse suse apache 14y ago Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
CVE-2012-4557 medium 5.0 FIX debian debian apache 14y ago The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to ca…
CVE-2012-5886 medium 5.0 apache 14y ago Improper Authentication in Apache Tomcat
CVE-2012-5885 medium 5.0 apache 14y ago Improper Access Control in Apache Tomcat
CVE-2012-2733 medium 5.0 apache 14y ago java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which …