Filtered by vendor Apache
Subscribe
Total
349 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3082 | 1 Apache | 1 Struts | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter. | |||||
CVE-2015-5254 | 3 Apache, Fedoraproject, Redhat | 3 Activemq, Fedora, Openshift | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. | |||||
CVE-2015-1832 | 1 Apache | 1 Derby | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype. | |||||
CVE-2016-4432 | 1 Apache | 1 Qpid Broker-j | 2023-12-10 | 5.0 MEDIUM | 9.1 CRITICAL |
The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging. | |||||
CVE-2016-2170 | 1 Apache | 1 Ofbiz | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
CVE-2016-4464 | 1 Apache | 1 Cxf Fediz | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature. | |||||
CVE-2016-0733 | 1 Apache | 1 Ranger | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username. | |||||
CVE-2016-3087 | 1 Apache | 1 Struts | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin. | |||||
CVE-2015-5344 | 1 Apache | 1 Camel | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. |