VIR Vulnerability Intelligence Relay

Search

Found 835 results in 236ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2012-6637 high 7.5 apacheadobe 12y ago Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanis…
CVE-2014-0033 medium 4.3 apache 12y ago Improper Input Validation in Apache Tomcat
CVE-2013-4590 medium 4.3 debian debian apache 12y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2013-4322 medium 4.3 apache 12y ago Apache Tomcat Denial of Service vulnerability
CVE-2013-4286 medium 5.8 apache 12y ago Apache Tomcat is vulnerable to HTTP request-smuggling
CVE-2014-0032 medium 4.3 FIX debian debian apache 13y ago The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial …
CVE-2013-2055 medium 5.0 apache 13y ago Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templ…
CVE-2013-1880 medium 4.3 FIX debian debian apache 13y ago Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet
CVE-2013-2185 high 7.5 apacheredhat 13y ago Deserialization of Untrusted Data in Apache Tomcat
CVE-2014-0031 medium 4.0 apache 13y ago The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.
CVE-2013-4517 medium 4.3 FIX debian debian apache 13y ago Improper Input Validation in Apache Santuario XML Security
CVE-2012-6612 high 7.5 FIX debian debian apache 13y ago Improper Restriction of XML External Entity Reference in Apache Solr
CVE-2013-6408 medium 6.4 FIX debian debian apache 13y ago XML Injection in Apache Solr
CVE-2013-6407 medium 6.4 FIX debian debian apache 13y ago Apache Solr UpdateRequestHandler for XML resolves XML External Entities
CVE-2013-6397 medium 4.3 FIX debian debian apache 13y ago Improper Limitation of a Pathname to a Restricted Directory in Apache Solr
CVE-2013-4212 medium 7.8 EXP apache 13y ago Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated b…
CVE-2013-4171 medium 4.3 apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RS…
CVE-2013-6357 medium 7.8 EXP apache 13y ago Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that…
CVE-2013-6348 medium 4.3 apache 13y ago Apache Struts is vulnerable to Cross-site Scripting
CVE-2013-4390 medium 5.8 apache 13y ago Apache Sling Auth Core bundle vulnerable to Open Redirection
CVE-2013-4295 medium 6.0 EXP apache 13y ago Apache Shindig PHP Sensitive Information Disclosure
CVE-2013-4365 high 7.5 FIX debian debiansuse suse apachesuse 13y ago Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified im…
CVE-2013-2254 medium 5.0 apache 13y ago Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Sling
CVE-2013-4330 medium 6.8 apache 13y ago Improper Control of Generation of Code in Apache Camel
CVE-2013-5697 high 8.5 EXP simone_telliniapache 13y ago SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
CVE-2013-4316 critical 10.0 apacheoracle 13y ago Code injection in Apache Struts
CVE-2013-4310 medium 5.8 apache 13y ago Apache Struts2 Broken Access Control Vulnerability
CVE-2013-2210 high 7.5 FIX debian debian apache 13y ago Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial…
CVE-2013-2172 medium 4.3 FIX debian debian apache 13y ago Inefficient Algorithmic Complexity in Apache Santuario XML Security
CVE-2013-2156 high 7.5 FIX debian debian apache 13y ago Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote a…
CVE-2013-2155 medium 5.8 FIX debian debian apache 13y ago Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-021…
CVE-2013-2154 high 7.5 FIX debian debian apache 13y ago Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-depend…
CVE-2013-2153 medium 4.3 FIX debian debian apache 13y ago The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures…
CVE-2013-2160 medium 6.0 EXP apache 13y ago Missing XML Validation in Apache CXF
CVE-2013-2136 medium 4.3 apache 13y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizar…
CVE-2012-5575 medium 6.4 apacheredhat 13y ago Inadequate Encryption Strength in Apache CXF
CVE-2013-2250 critical 10.0 apache 13y ago Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) function…
CVE-2013-2137 medium 4.3 apache 13y ago Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and…
CVE-2013-4156 medium 6.8 FIX debian debian apache 13y ago Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document fi…
CVE-2013-4131 medium 4.0 FIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds…
CVE-2013-2189 medium 6.8 FIX debian debian apache 13y ago Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
CVE-2013-2112 high 7.8 FIX ubuntu ubuntususe susedebian debian apachecollabnet 13y ago The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
CVE-2013-2088 high 8.1 EXPFIX suse susedebian debian apachecollabnet 13y ago contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
CVE-2013-1968 medium 5.5 FIX ubuntu ubuntususe susedebian debian apachecollabnet 13y ago Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
CVE-2013-2249 high 7.5 FIX debian debian apache 13y ago mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new ses…
CVE-2013-4002 high 7.1 linux-kernelubuntu ubuntususe suse ibmoracleapache 13y ago Missing XML Validation in Apache Xerces2
CVE-2013-2248 medium 6.8 EXP apache 13y ago Open redirect in Apache Struts
CVE-2013-1879 medium 4.3 FIX debian debian apache 13y ago Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
CVE-2013-2135 critical 9.3 apache 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-2134 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-2765 medium 6.0 EXPFIX debian debiansuse suse trustwaveapache 13y ago The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request …
CVE-2013-1777 critical 10.0 apacheibm 13y ago Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
CVE-2013-1768 high 7.5 FIX debian debian apache 13y ago Deserialization of Untrusted Data in Apache OpenJPA
CVE-2013-1896 medium 4.3 FIX debian debian rhelubuntu ubuntu apacheredhat 13y ago mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a M…
CVE-2013-2115 high 8.1 9.1 EXP apache 13y ago Code injection in Apache Struts
CVE-2013-1966 critical 10.0 EXP apache 13y ago Arbitrary code execution in Apache Struts
CVE-2013-1965 critical 9.3 apache 13y ago Improper Control of Generation of Code in Apache Struts
CVE-2013-1862 medium 5.1 FIX debian debiansuse suse rhel apacheredhatoracle 13y ago mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to exec…
CVE-2013-2067 medium 6.8 apache 13y ago Improper Authentication in Apache Tomcat
CVE-2012-3544 medium 5.0 sles apache 13y ago Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
CVE-2013-0942 medium 4.3 emcmicrosoftapache 13y ago Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers t…
CVE-2013-1884 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an inval…
CVE-2013-1849 medium 4.3 FIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a P…
CVE-2013-1847 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an …
CVE-2013-1846 medium 4.0 FIX suse susedebian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash…
CVE-2013-3060 medium 6.4 FIX debian debian apache 13y ago Improper Authentication in Apache ActiveMQ
CVE-2012-6551 medium 5.0 FIX debian debian apache 13y ago Apache ActiveMQ default configuration subject to denial of service
CVE-2012-6092 medium 4.3 FIX debian debian apache 13y ago Cross-site Scripting in Apache ActiveMQ
CVE-2013-0253 medium 5.8 apache 13y ago The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
CVE-2012-4460 medium 5.0 apache 13y ago The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via …
CVE-2012-4459 medium 5.0 apache 13y ago Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which trigge…
CVE-2012-4458 medium 5.0 apache 13y ago The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the clien…
CVE-2012-4446 medium 6.8 apache 13y ago Improper Authentication in Apache Qpid
CVE-2013-1814 medium 5.0 EXP apache 13y ago Apache Rave information disclosure vulnerability
CVE-2013-0239 medium 5.0 apache 13y ago Improper Authentication in Apache CXF
CVE-2012-5633 medium 5.8 apache 13y ago Improper Authentication in Apache CXF
CVE-2012-4558 medium 4.3 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x …
CVE-2012-3499 medium 4.3 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors …
CVE-2012-2378 medium 4.3 apache 14y ago Improper Authentication in Apache CXF
CVE-2012-2379 critical 10.0 apache 14y ago XML Signature/Encryption Not Validated in Apache CXF
CVE-2012-4431 medium 4.3 apache 14y ago Cross-Site Request Forgery in Apache Tomcat
CVE-2012-3546 medium 4.3 apache 14y ago Authentication Bypass in Apache Tomcat
CVE-2012-5568 medium 5.0 suse suse apache 14y ago Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
CVE-2012-4557 medium 5.0 FIX debian debian apache 14y ago The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to ca…
CVE-2012-5886 medium 5.0 apache 14y ago Improper Authentication in Apache Tomcat
CVE-2012-5885 medium 5.0 apache 14y ago Improper Access Control in Apache Tomcat
CVE-2012-2733 medium 5.0 apache 14y ago java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which …
CVE-2012-5786 medium 5.8 apache 14y ago The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the s…
CVE-2012-5785 medium 5.8 apache 14y ago Apache Axis2 has Improper Input Validation
CVE-2012-5784 medium 5.8 FIX slesdebian debian apachepaypal 14y ago Man-in-the-middle attack in Apache Axis
CVE-2012-5783 medium 5.8 FIX slesdebian debianubuntu ubuntu apache 14y ago Improper Certificate Validation in Apache Commons HttpClient
CVE-2012-3446 medium 5.9 5.9 FIX debian debian apache 14y ago Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o…
CVE-2012-4501 critical 10.0 apachecitrix 14y ago Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
CVE-2012-3506 critical 10.0 apache 14y ago Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
CVE-2012-5351 medium 6.4 apache 14y ago Improper Authentication in Apache Axis2
CVE-2012-4418 medium 5.8 apache 14y ago Apache Axis2 Vulnerable to XML Signature wrapping attack
CVE-2012-2145 medium 5.0 apache 14y ago Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of inc…
CVE-2012-3451 medium 4.3 apache 14y ago Remote web-service operation execution in Apache CXF
CVE-2012-3373 medium 4.3 apache 14y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequenc…
CVE-2012-4360 medium 4.3 googleapache 14y ago Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecif…