VIR Vulnerability Intelligence Relay

Search

Found 705 results in 113ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2012-1149 high 7.5 FIX rheldebian debianfedora fedora libreofficeapache 14y ago Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application c…
CVE-2012-2334 medium 6.8 FIX debian debian apachelibreoffice 14y ago Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service…
CVE-2012-0037 medium 6.5 6.5 rhelfedora fedoradebian debian librdflibreofficeapache 14y ago Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read…
CVE-2011-3620 high 7.5 apache 14y ago Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster…
CVE-2012-0883 medium 6.9 FIX debian debiansuse suse apache 14y ago envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the …
CVE-2012-1574 medium 6.5 apachecloudera 14y ago Apache Hadoop allows impersonation of arbitrary cluster user accounts
CVE-2012-0256 medium 5.0 FIX debian debian apache 14y ago Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long …
CVE-2012-1089 medium 5.0 apache 14y ago Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wi…
CVE-2012-0047 medium 4.3 apache 14y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
CVE-2012-1181 medium 5.0 FIX debian debian apache 14y ago fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to…
CVE-2012-0840 medium 6.0 EXPFIX debian debian apache 15y ago tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependen…
CVE-2012-1007 medium 5.3 EXP apache 15y ago Withdrawn Advisory: Apache Struts XSS
CVE-2012-1006 medium 5.3 EXP apache 15y ago Apache Struts Multiple Cross-site Scripting Vulnerabilities
CVE-2012-0053 medium 5.3 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to …
CVE-2012-0022 medium 5.0 apache 15y ago Denial of Service in Apache Tomcat
CVE-2011-3375 medium 5.0 apache 15y ago Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
CVE-2012-0031 medium 5.6 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a …
CVE-2011-5064 medium 4.3 apache 15y ago Use of Hard-coded Cryptographic Key in Apache Tomcat
CVE-2011-5063 medium 4.3 apache 15y ago Improper Authentication in Apache Tomcat
CVE-2011-5062 medium 5.0 apache 15y ago Improper Authentication in Apache Tomcat
CVE-2011-1184 medium 5.0 apache 15y ago Authentication Bypass in Apache Tomcat
CVE-2011-5057 medium 6.0 EXP apache 15y ago Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attacke…
CVE-2012-0394 medium 7.8 EXP apache 15y ago Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
CVE-2012-0393 medium 7.4 EXP apache 15y ago Apache Struts's ParameterInterceptor component does not prevent access to public constructors
CVE-2012-0392 medium 7.8 EXP apache 15y ago Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
CVE-2011-4858 medium 6.0 EXP apache 15y ago Improper Input Validation in Apache Tomcat
CVE-2011-4905 medium 5.0 FIX debian debian apache 15y ago Denial of Service in Apache ActiveMQ
CVE-2011-5034 high 8.8 EXP apache 15y ago Apache Geronimo Hash Collisions Cause DoS
CVE-2007-6750 medium 6.0 EXPFIX debian debian apache 15y ago The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtime…
CVE-2011-4317 medium 5.3 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use o…
CVE-2011-3639 medium 5.3 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2…
CVE-2011-3376 medium 4.4 apache 15y ago org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privi…
CVE-2011-3607 medium 5.4 EXPFIX debian debian apache 15y ago Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to ga…
CVE-2011-3368 medium 6.0 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch patte…
CVE-2011-3348 medium 4.3 FIX debian debian rhel apacheredhat 15y ago The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error s…
CVE-2010-4340 medium 4.3 FIX debian debian apache 15y ago libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM…
CVE-2011-3190 high 7.5 apache 15y ago Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
CVE-2011-3192 high 8.8 EXPFIX debian debianubuntu ubuntususe suse apache 15y ago The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range head…
CVE-2011-2729 medium 5.0 FIX debian debian linux-kernel apache 15y ago native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on…
CVE-2011-2481 medium 4.6 apache 15y ago Apache Tomcat Allows Replacing of XML Parser
CVE-2011-2688 high 7.5 FIX debian debian mod_authnz_external_projectapache 15y ago SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the use…
CVE-2011-2526 medium 4.4 apache 15y ago Improper Input Validation in Apache Tomcat
CVE-2011-2516 medium 5.0 FIX debian debian apacheshibboleth 15y ago Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of servic…
CVE-2011-1498 medium 4.3 FIX debian debian apache 15y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
CVE-2011-1921 medium 4.3 FIX debian debian apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce…
CVE-2011-1783 medium 4.3 FIX macos macosdebian debianubuntu ubuntu apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to…
CVE-2011-1752 medium 5.0 FIX macos macosdebian debianubuntu ubuntu apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) …
CVE-2011-2329 medium 6.5 apache 15y ago The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers…
CVE-2011-1077 medium 4.3 apache 15y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1026 medium 6.8 apache 15y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
CVE-2011-1928 medium 4.3 FIX debian debian apache 15y ago The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infi…
CVE-2011-1582 medium 4.3 apache 15y ago Access restriction bypass in Apache Tomcat
CVE-2011-0419 medium 5.3 EXPFIX debian debianmacos macosfreebsd freebsd apache 15y ago Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in …
CVE-2011-2088 medium 5.0 apacheopensymphony 15y ago XWork in Apache Struts Reveals Sensitive Information
CVE-2011-2087 medium 4.3 apache 15y ago Apache Struts Multiple XSS Vulnerabilities
CVE-2011-1475 medium 5.0 apache 15y ago Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
CVE-2011-1183 medium 5.8 apache 15y ago Access controll bypass in Apache Tomcat
CVE-2011-1176 medium 4.3 FIX debian debian mpm-itk_projectapache 15y ago The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration section…
CVE-2011-1419 medium 5.8 apache 15y ago Apache Tomcat does not follow ServletSecurity annotations
CVE-2011-1088 medium 5.8 apache 15y ago Apache Tomcat allows remote attackers to bypass intended access restrictions
CVE-2011-0715 medium 4.3 FIX debian debian apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) …
CVE-2011-0013 medium 4.3 apache 16y ago Improper Neutralization of Input During Web Page Generation in Apache Tomcat
CVE-2011-0533 medium 4.3 apache 16y ago Apache Continuum and Archiva vulnerable to Cross-site Scripting
CVE-2011-0534 medium 5.0 apache 16y ago Apache Tomcat does not enforce the maxHttpHeaderSize limit
CVE-2010-3854 medium 4.3 apache 16y ago Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML…
CVE-2010-3689 medium 6.9 debian debianubuntu ubuntu apache 16y ago soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current…
CVE-2010-4539 medium 6.8 FIX debian debian apache 16y ago The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (N…
CVE-2010-4494 high 7.5 FIX debian debianmacos macossuse suse googlexmlsoftapple 16y ago Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have un…
CVE-2010-4408 medium 6.8 apache 16y ago Apache Archiva does not require entry of the administrator's password at the time of modifying a user account
CVE-2010-3449 medium 7.8 EXP jesse_mcconnellapache 16y ago Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum…
CVE-2010-4312 medium 6.4 apache 16y ago Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header
CVE-2010-4172 medium 5.3 EXP apache 16y ago Improper Neutralization of Input During Web Page Generation in Apache Tomcat
CVE-2010-3872 high 7.5 7.5 FIX debian debian apache 16y ago A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() …
CVE-2010-4008 medium 4.3 FIX debian debiansuse susemacos macos googleapplexmlsoft 16y ago libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressi…
CVE-2010-3863 medium 6.0 EXPFIX debian debian apachejsecurity 16y ago Apache Shiro Path Traversal vulnerability
CVE-2010-2057 medium 5.0 apache 16y ago Improper Authentication in Apache MyFaces
CVE-2009-5006 medium 4.0 apache 16y ago The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and o…
CVE-2009-5005 medium 5.0 apache 16y ago The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daem…
CVE-2010-3083 medium 4.3 apache 16y ago sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon out…
CVE-2010-3315 medium 6.0 FIX debian debian apache 16y ago authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not prop…
CVE-2010-1623 medium 5.0 FIX debian debian apache 16y ago Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Ap…
CVE-2010-2953 medium 6.9 apache 16y ago Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current worki…
CVE-2010-2952 medium 4.3 FIX debian debian apache 16y ago Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, w…
CVE-2010-2234 medium 6.8 apache 16y ago Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation UR…
CVE-2010-1870 medium 6.0 EXP apache 16y ago Server side object manipulation in Apache Struts
CVE-2010-2791 medium 5.0 FIX debian debian apache 16y ago mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remo…
CVE-2009-2696 medium 4.3 rhel apache 16y ago Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Lin…
CVE-2010-1452 medium 5.0 FIX debian debian apache 16y ago The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
CVE-2010-2227 medium 7.4 EXP apache 16y ago Apache Tomcat does not properly handle an invalid Transfer-Encoding header
CVE-2010-1632 high 7.5 ibmapache 16y ago Improper Input Validation in Apache Axis2
CVE-2010-2068 medium 5.0 FIX debian debian apache 16y ago mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, …
CVE-2010-2103 medium 5.3 EXPFIX debian debian apache3comsap 16y ago Improper Neutralization of Input During Web Page Generation in Apache Axis2
CVE-2010-2086 medium 4.0 apache 16y ago Apache MyFaces Cross-site Scripting vulnerability
CVE-2010-1587 medium 6.0 EXP apache 16y ago Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
CVE-2010-1151 medium 6.8 apache 16y ago Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interactio…
CVE-2010-0432 medium 5.3 EXP apache 16y ago Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inje…
CVE-2010-1244 medium 6.8 apache 16y ago Cross-site request forgery in Apache ActiveMQ
CVE-2010-0009 medium 4.3 apache 16y ago Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
CVE-2010-0434 medium 4.3 FIX debian debianfedora fedora apache 17y ago The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumsta…
CVE-2010-0408 medium 5.0 FIX debian debian apache 17y ago The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body…