VIR Vulnerability Intelligence Relay

Search

Found 705 results in 100ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2013-4322 medium 4.3 apache 12y ago Apache Tomcat Denial of Service vulnerability
CVE-2013-4286 medium 5.8 apache 12y ago Apache Tomcat is vulnerable to HTTP request-smuggling
CVE-2014-0032 medium 4.3 FIX debian debian apache 13y ago The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial …
CVE-2013-2055 medium 5.0 apache 13y ago Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templ…
CVE-2013-1880 medium 4.3 FIX debian debian apache 13y ago Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet
CVE-2013-2185 high 7.5 apacheredhat 13y ago Deserialization of Untrusted Data in Apache Tomcat
CVE-2014-0031 medium 4.0 apache 13y ago The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.
CVE-2013-4517 medium 4.3 FIX debian debian apache 13y ago Improper Input Validation in Apache Santuario XML Security
CVE-2012-6612 high 7.5 FIX debian debian apache 13y ago Improper Restriction of XML External Entity Reference in Apache Solr
CVE-2013-6408 medium 6.4 FIX debian debian apache 13y ago XML Injection in Apache Solr
CVE-2013-6407 medium 6.4 FIX debian debian apache 13y ago Apache Solr UpdateRequestHandler for XML resolves XML External Entities
CVE-2013-6397 medium 4.3 FIX debian debian apache 13y ago Improper Limitation of a Pathname to a Restricted Directory in Apache Solr
CVE-2013-4212 medium 7.8 EXP apache 13y ago Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated b…
CVE-2013-4171 medium 4.3 apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RS…
CVE-2013-6357 medium 7.8 EXP apache 13y ago Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that…
CVE-2013-6348 medium 4.3 apache 13y ago Apache Struts is vulnerable to Cross-site Scripting
CVE-2013-4390 medium 5.8 apache 13y ago Apache Sling Auth Core bundle vulnerable to Open Redirection
CVE-2013-4295 medium 6.0 EXP apache 13y ago Apache Shindig PHP Sensitive Information Disclosure
CVE-2013-4365 high 7.5 FIX debian debiansuse suse apachesuse 13y ago Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified im…
CVE-2013-2254 medium 5.0 apache 13y ago Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Sling
CVE-2013-4330 medium 6.8 apache 13y ago Improper Control of Generation of Code in Apache Camel
CVE-2013-5697 high 8.5 EXP simone_telliniapache 13y ago SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
CVE-2013-4310 medium 5.8 apache 13y ago Apache Struts2 Broken Access Control Vulnerability
CVE-2013-2210 high 7.5 FIX debian debian apache 13y ago Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial…
CVE-2013-2172 medium 4.3 FIX debian debian apache 13y ago Inefficient Algorithmic Complexity in Apache Santuario XML Security
CVE-2013-2156 high 7.5 FIX debian debian apache 13y ago Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote a…
CVE-2013-2155 medium 5.8 FIX debian debian apache 13y ago Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-021…
CVE-2013-2154 high 7.5 FIX debian debian apache 13y ago Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-depend…
CVE-2013-2153 medium 4.3 FIX debian debian apache 13y ago The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures…
CVE-2013-2160 medium 6.0 EXP apache 13y ago Missing XML Validation in Apache CXF
CVE-2013-2136 medium 4.3 apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizar…
CVE-2012-5575 medium 6.4 apacheredhat 13y ago Inadequate Encryption Strength in Apache CXF
CVE-2013-2137 medium 4.3 apache 13y ago Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and…
CVE-2013-4156 medium 6.8 FIX debian debian apache 13y ago Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document fi…
CVE-2013-4131 medium 4.0 FIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds…
CVE-2013-2189 medium 6.8 FIX debian debian apache 13y ago Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
CVE-2013-2112 high 7.8 FIX ubuntu ubuntususe susedebian debian apachecollabnet 13y ago The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
CVE-2013-2088 high 8.1 EXPFIX suse susedebian debian apachecollabnet 13y ago contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
CVE-2013-1968 medium 5.5 FIX ubuntu ubuntususe susedebian debian apachecollabnet 13y ago Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
CVE-2013-2249 high 7.5 FIX debian debian apache 13y ago mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new ses…
CVE-2013-4002 high 7.1 linux-kernelubuntu ubuntususe suse ibmoracleapache 13y ago Missing XML Validation in Apache Xerces2
CVE-2013-2248 medium 6.8 EXP apache 13y ago Open redirect in Apache Struts
CVE-2013-1879 medium 4.3 FIX debian debian apache 13y ago Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
CVE-2013-2765 medium 6.0 EXPFIX debian debiansuse suse trustwaveapache 13y ago The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request …
CVE-2013-1768 high 7.5 FIX debian debian apache 13y ago Deserialization of Untrusted Data in Apache OpenJPA
CVE-2013-1896 medium 4.3 FIX debian debian rhelubuntu ubuntu apacheredhat 13y ago mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a M…
CVE-2013-2115 high 8.1 9.1 EXP apache 13y ago Code injection in Apache Struts
CVE-2013-1862 medium 5.1 FIX debian debiansuse suse rhel apacheredhatoracle 13y ago mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to exec…
CVE-2013-2067 medium 6.8 apache 13y ago Improper Authentication in Apache Tomcat
CVE-2012-3544 medium 5.0 sles apache 13y ago Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
CVE-2013-0942 medium 4.3 emcmicrosoftapache 13y ago Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers t…
CVE-2013-1884 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an inval…
CVE-2013-1849 medium 4.3 FIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a P…
CVE-2013-1847 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an …
CVE-2013-1846 medium 4.0 FIX suse susedebian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash…
CVE-2013-3060 medium 6.4 FIX debian debian apache 13y ago Improper Authentication in Apache ActiveMQ
CVE-2012-6551 medium 5.0 FIX debian debian apache 13y ago Apache ActiveMQ default configuration subject to denial of service
CVE-2012-6092 medium 4.3 FIX debian debian apache 13y ago Cross-site Scripting in Apache ActiveMQ
CVE-2013-0253 medium 5.8 apache 13y ago The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
CVE-2012-4460 medium 5.0 apache 13y ago The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via …
CVE-2012-4459 medium 5.0 apache 13y ago Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which trigge…
CVE-2012-4458 medium 5.0 apache 13y ago The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the clien…
CVE-2012-4446 medium 6.8 apache 13y ago Improper Authentication in Apache Qpid
CVE-2013-1814 medium 5.0 EXP apache 13y ago Apache Rave information disclosure vulnerability
CVE-2013-0239 medium 5.0 apache 13y ago Improper Authentication in Apache CXF
CVE-2012-5633 medium 5.8 apache 13y ago Improper Authentication in Apache CXF
CVE-2012-4558 medium 4.3 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x …
CVE-2012-3499 medium 4.3 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors …
CVE-2012-2378 medium 4.3 apache 14y ago Improper Authentication in Apache CXF
CVE-2012-4431 medium 4.3 apache 14y ago Cross-Site Request Forgery in Apache Tomcat
CVE-2012-3546 medium 4.3 apache 14y ago Authentication Bypass in Apache Tomcat
CVE-2012-5568 medium 5.0 suse suse apache 14y ago Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
CVE-2012-4557 medium 5.0 FIX debian debian apache 14y ago The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to ca…
CVE-2012-5886 medium 5.0 apache 14y ago Improper Authentication in Apache Tomcat
CVE-2012-5885 medium 5.0 apache 14y ago Improper Access Control in Apache Tomcat
CVE-2012-2733 medium 5.0 apache 14y ago java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which …
CVE-2012-5786 medium 5.8 apache 14y ago The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the s…
CVE-2012-5785 medium 5.8 apache 14y ago Apache Axis2 has Improper Input Validation
CVE-2012-5784 medium 5.8 FIX slesdebian debian apachepaypal 14y ago Man-in-the-middle attack in Apache Axis
CVE-2012-5783 medium 5.8 FIX slesdebian debianubuntu ubuntu apache 14y ago Improper Certificate Validation in Apache Commons HttpClient
CVE-2012-3446 medium 5.9 5.9 FIX debian debian apache 14y ago Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o…
CVE-2012-5351 medium 6.4 apache 14y ago Improper Authentication in Apache Axis2
CVE-2012-4418 medium 5.8 apache 14y ago Apache Axis2 Vulnerable to XML Signature wrapping attack
CVE-2012-2145 medium 5.0 apache 14y ago Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of inc…
CVE-2012-3451 medium 4.3 apache 14y ago Remote web-service operation execution in Apache CXF
CVE-2012-3373 medium 4.3 apache 14y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequenc…
CVE-2012-4360 medium 4.3 googleapache 14y ago Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecif…
CVE-2012-4001 medium 5.0 googleapache 14y ago The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified …
CVE-2012-4387 medium 5.0 apache 14y ago Denial of service in Apache Struts
CVE-2012-4386 medium 6.8 apache 14y ago Cross-Site Request Forgery in Apache Struts
CVE-2012-3526 medium 5.0 FIX debian debian thomas_eibnerapache 14y ago The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For …
CVE-2012-3467 medium 5.0 apache 14y ago Apache QPID Allows Remote Authentication Bypass
CVE-2012-3502 medium 4.3 FIX debian debian apache 14y ago The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determi…
CVE-2012-0213 medium 5.0 apache 14y ago Denial of Service in Apache POI
CVE-2012-2665 high 7.5 FIX ubuntu ubuntudebian debian rhel apachelibreoffice 14y ago Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and po…
CVE-2012-3376 high 7.5 apache 14y ago Client BlockTokens not checked in Apache Hadoop
CVE-2012-2138 medium 6.0 EXP apache 14y ago Apache Sling POST Servlets Denial of Service Vulnerability
CVE-2012-2098 medium 5.0 FIX debian debian apache 14y ago Uncontrolled Resource Consumption in Apache Commons Compress
CVE-2012-2380 medium 6.8 apache 14y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by levera…
CVE-2012-2149 high 7.5 FIX debian debian rhel redhatapachelibwpd 14y ago The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted …