VIR Vulnerability Intelligence Relay

Search

Found 743 results in 214ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2012-5786 medium 5.8 apache 14y ago The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the s…
CVE-2012-5785 medium 5.8 apache 14y ago Apache Axis2 has Improper Input Validation
CVE-2012-5784 medium 5.8 FIX slesdebian debian apachepaypal 14y ago Man-in-the-middle attack in Apache Axis
CVE-2012-5783 medium 5.8 FIX slesdebian debianubuntu ubuntu apache 14y ago Improper Certificate Validation in Apache Commons HttpClient
CVE-2012-3446 medium 5.9 5.9 FIX debian debian apache 14y ago Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o…
CVE-2012-5351 medium 6.4 apache 14y ago Improper Authentication in Apache Axis2
CVE-2012-4418 medium 5.8 apache 14y ago Apache Axis2 Vulnerable to XML Signature wrapping attack
CVE-2012-2145 medium 5.0 apache 14y ago Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of inc…
CVE-2012-3451 medium 4.3 apache 14y ago Remote web-service operation execution in Apache CXF
CVE-2012-3373 medium 4.3 apache 14y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequenc…
CVE-2012-4360 medium 4.3 googleapache 14y ago Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecif…
CVE-2012-4001 medium 5.0 googleapache 14y ago The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified …
CVE-2012-4387 medium 5.0 apache 14y ago Denial of service in Apache Struts
CVE-2012-4386 medium 6.8 apache 14y ago Cross-Site Request Forgery in Apache Struts
CVE-2012-3526 medium 5.0 FIX debian debian thomas_eibnerapache 14y ago The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For …
CVE-2012-3467 medium 5.0 apache 14y ago Apache QPID Allows Remote Authentication Bypass
CVE-2012-3502 medium 4.3 FIX debian debian apache 14y ago The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determi…
CVE-2012-2687 low 2.6 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiVi…
CVE-2012-0213 medium 5.0 apache 14y ago Denial of Service in Apache POI
CVE-2012-2665 high 7.5 FIX ubuntu ubuntudebian debian rhel apachelibreoffice 14y ago Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and po…
CVE-2012-3376 high 7.5 apache 14y ago Client BlockTokens not checked in Apache Hadoop
CVE-2012-2138 medium 6.0 EXP apache 14y ago Apache Sling POST Servlets Denial of Service Vulnerability
CVE-2012-2098 medium 5.0 FIX debian debian apache 14y ago Uncontrolled Resource Consumption in Apache Commons Compress
CVE-2012-2381 low 3.5 apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
CVE-2012-2380 medium 6.8 apache 14y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by levera…
CVE-2012-2149 high 7.5 FIX debian debian rhel redhatapachelibwpd 14y ago The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted …
CVE-2012-1149 high 7.5 FIX rheldebian debianfedora fedora libreofficeapache 14y ago Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application c…
CVE-2012-2334 medium 6.8 FIX debian debian apachelibreoffice 14y ago Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service…
CVE-2012-0037 medium 6.5 6.5 rhelfedora fedoradebian debian librdflibreofficeapache 14y ago Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read…
CVE-2011-3620 high 7.5 apache 14y ago Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster…
CVE-2012-0883 medium 6.9 FIX debian debiansuse suse apache 14y ago envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the …
CVE-2012-1574 medium 6.5 apachecloudera 14y ago Apache Hadoop allows impersonation of arbitrary cluster user accounts
CVE-2012-0256 medium 5.0 FIX debian debian apache 14y ago Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long …
CVE-2012-1089 medium 5.0 apache 14y ago Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wi…
CVE-2012-0047 medium 4.3 apache 14y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
CVE-2012-1181 medium 5.0 FIX debian debian apache 14y ago fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to…
CVE-2012-0840 medium 6.0 EXPFIX debian debian apache 15y ago tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependen…
CVE-2012-1007 medium 5.3 EXP apache 15y ago Withdrawn Advisory: Apache Struts XSS
CVE-2012-1006 medium 5.3 EXP apache 15y ago Apache Struts Multiple Cross-site Scripting Vulnerabilities
CVE-2012-0053 medium 5.3 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to …
CVE-2012-0021 low 2.6 FIX debian debian apache 15y ago The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, w…
CVE-2012-0022 medium 5.0 apache 15y ago Denial of Service in Apache Tomcat
CVE-2011-3375 medium 5.0 apache 15y ago Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
CVE-2012-0031 medium 5.6 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a …
CVE-2011-5064 medium 4.3 apache 15y ago Use of Hard-coded Cryptographic Key in Apache Tomcat
CVE-2011-5063 medium 4.3 apache 15y ago Improper Authentication in Apache Tomcat
CVE-2011-5062 medium 5.0 apache 15y ago Improper Authentication in Apache Tomcat
CVE-2011-1184 medium 5.0 apache 15y ago Authentication Bypass in Apache Tomcat
CVE-2011-5057 medium 6.0 EXP apache 15y ago Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attacke…
CVE-2012-0394 medium 7.8 EXP apache 15y ago Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
CVE-2012-0393 medium 7.4 EXP apache 15y ago Apache Struts's ParameterInterceptor component does not prevent access to public constructors
CVE-2012-0392 medium 7.8 EXP apache 15y ago Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
CVE-2011-4858 medium 6.0 EXP apache 15y ago Improper Input Validation in Apache Tomcat
CVE-2011-4905 medium 5.0 FIX debian debian apache 15y ago Denial of Service in Apache ActiveMQ
CVE-2011-5034 high 8.8 EXP apache 15y ago Apache Geronimo Hash Collisions Cause DoS
CVE-2007-6750 medium 6.0 EXPFIX debian debian apache 15y ago The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtime…
CVE-2011-4317 medium 5.3 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use o…
CVE-2011-3639 medium 5.3 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2…
CVE-2011-3376 medium 4.4 apache 15y ago org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privi…
CVE-2011-4415 low 2.2 EXPFIX debian debian apache 15y ago The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of envi…
CVE-2011-3607 medium 5.4 EXPFIX debian debian apache 15y ago Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to ga…
CVE-2011-3368 medium 6.0 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch patte…
CVE-2000-1247 low 2.1 apache 15y ago The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensiti…
CVE-2011-3348 medium 4.3 FIX debian debian rhel apacheredhat 15y ago The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error s…
CVE-2010-4340 medium 4.3 FIX debian debian apache 15y ago libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM…
CVE-2011-3190 high 7.5 apache 15y ago Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
CVE-2011-3192 high 8.8 EXPFIX debian debianubuntu ubuntususe suse apache 15y ago The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range head…
CVE-2011-2712 low 2.6 apache 15y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspe…
CVE-2011-2729 medium 5.0 FIX debian debian linux-kernel apache 15y ago native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on…
CVE-2011-2481 medium 4.6 apache 15y ago Apache Tomcat Allows Replacing of XML Parser
CVE-2011-2688 high 7.5 FIX debian debian mod_authnz_external_projectapache 15y ago SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the use…
CVE-2011-2526 medium 4.4 apache 15y ago Improper Input Validation in Apache Tomcat
CVE-2011-2516 medium 5.0 FIX debian debian apacheshibboleth 15y ago Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of servic…
CVE-2011-1498 medium 4.3 FIX debian debian apache 15y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
CVE-2011-2204 low 1.9 apache 15y ago Insertion of Sensitive Information into Log File in Apache Tomcat
CVE-2011-1921 medium 4.3 FIX debian debian apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce…
CVE-2011-1783 medium 4.3 FIX macos macosdebian debianubuntu ubuntu apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to…
CVE-2011-1752 medium 5.0 FIX macos macosdebian debianubuntu ubuntu apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) …
CVE-2011-2329 medium 6.5 apache 15y ago The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers…
CVE-2011-1077 medium 4.3 apache 15y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1026 medium 6.8 apache 15y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
CVE-2011-1928 medium 4.3 FIX debian debian apache 15y ago The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infi…
CVE-2011-1582 medium 4.3 apache 15y ago Access restriction bypass in Apache Tomcat
CVE-2011-0419 medium 5.3 EXPFIX debian debianmacos macosfreebsd freebsd apache 15y ago Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in …
CVE-2011-2088 medium 5.0 apacheopensymphony 15y ago XWork in Apache Struts Reveals Sensitive Information
CVE-2011-2087 medium 4.3 apache 15y ago Apache Struts Multiple XSS Vulnerabilities
CVE-2011-1772 low 3.6 EXP apacheopensymphony 15y ago Cross-site Scripting in Apache Struts
CVE-2011-1475 medium 5.0 apache 15y ago Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
CVE-2011-1183 medium 5.8 apache 15y ago Access controll bypass in Apache Tomcat
CVE-2011-1176 medium 4.3 FIX debian debian mpm-itk_projectapache 15y ago The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration section…
CVE-2011-1419 medium 5.8 apache 15y ago Apache Tomcat does not follow ServletSecurity annotations
CVE-2011-1088 medium 5.8 apache 15y ago Apache Tomcat allows remote attackers to bypass intended access restrictions
CVE-2011-0715 medium 4.3 FIX debian debian apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) …
CVE-2011-0013 medium 4.3 apache 16y ago Improper Neutralization of Input During Web Page Generation in Apache Tomcat
CVE-2011-0533 medium 4.3 apache 16y ago Apache Continuum and Archiva vulnerable to Cross-site Scripting
CVE-2011-0534 medium 5.0 apache 16y ago Apache Tomcat does not enforce the maxHttpHeaderSize limit
CVE-2010-3718 low 1.2 apache 16y ago Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
CVE-2010-3854 medium 4.3 apache 16y ago Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML…
CVE-2010-3689 medium 6.9 debian debianubuntu ubuntu apache 16y ago soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current…
CVE-2010-4644 low 3.5 FIX debian debian apache 16y ago Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the bla…