Filtered by vendor Apache
Subscribe
Total
2223 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8152 | 1 Apache | 1 Santuario Xml Security For Java | 2023-12-10 | 5.0 MEDIUM | N/A |
Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document. | |||||
CVE-2014-0113 | 1 Apache | 1 Struts | 2023-12-10 | 7.5 HIGH | N/A |
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. | |||||
CVE-2015-2091 | 1 Apache | 1 Mod-gnutls | 2023-12-10 | 5.0 MEDIUM | N/A |
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate. | |||||
CVE-2015-0252 | 3 Apache, Debian, Fedoraproject | 3 Xerces-c\+\+, Debian Linux, Fedora | 2023-12-10 | 5.0 MEDIUM | N/A |
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. | |||||
CVE-2014-1882 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2023-12-10 | 7.5 HIGH | N/A |
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls. | |||||
CVE-2014-0227 | 1 Apache | 1 Tomcat | 2023-12-10 | 6.4 MEDIUM | N/A |
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. | |||||
CVE-2012-5649 | 1 Apache | 1 Couchdb | 2023-12-10 | 6.8 MEDIUM | N/A |
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | |||||
CVE-2014-3580 | 4 Apache, Apple, Debian and 1 more | 8 Subversion, Xcode, Debian Linux and 5 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. | |||||
CVE-2014-3502 | 1 Apache | 1 Cordova | 2023-12-10 | 4.3 MEDIUM | N/A |
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | |||||
CVE-2013-2193 | 1 Apache | 1 Hbase | 2023-12-10 | 4.3 MEDIUM | N/A |
Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors. | |||||
CVE-2014-9527 | 2 Apache, Fedoraproject | 2 Poi, Fedora | 2023-12-10 | 5.0 MEDIUM | N/A |
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file. | |||||
CVE-2014-0033 | 1 Apache | 1 Tomcat | 2023-12-10 | 4.3 MEDIUM | N/A |
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL. | |||||
CVE-2015-1774 | 6 Apache, Canonical, Debian and 3 more | 8 Openoffice, Ubuntu Linux, Debian Linux and 5 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write. | |||||
CVE-2014-3584 | 1 Apache | 1 Cxf | 2023-12-10 | 5.0 MEDIUM | N/A |
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service. | |||||
CVE-2013-2758 | 2 Apache, Citrix | 2 Cloudstack, Cloudplatform | 2023-12-10 | 5.0 MEDIUM | N/A |
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack. | |||||
CVE-2014-0109 | 1 Apache | 1 Cxf | 2023-12-10 | 4.3 MEDIUM | N/A |
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error. | |||||
CVE-2014-3574 | 1 Apache | 1 Poi | 2023-12-10 | 4.3 MEDIUM | N/A |
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack. | |||||
CVE-2013-4590 | 3 Apache, Debian, Oracle | 3 Tomcat, Debian Linux, Solaris | 2023-12-10 | 4.3 MEDIUM | N/A |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2012-6153 | 1 Apache | 1 Commons-httpclient | 2023-12-10 | 4.3 MEDIUM | N/A |
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783. | |||||
CVE-2014-3629 | 1 Apache | 1 Qpid | 2023-12-10 | 4.3 MEDIUM | N/A |
XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. |