Filtered by vendor Apache
Subscribe
Total
1977 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1475 | 1 Apache | 1 Tomcat | 2017-09-18 | 5.0 MEDIUM | N/A |
| The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users." | |||||
| CVE-2011-0715 | 1 Apache | 1 Subversion | 2017-09-18 | 4.3 MEDIUM | N/A |
| The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. | |||||
| CVE-2011-1921 | 1 Apache | 1 Subversion | 2017-09-18 | 4.3 MEDIUM | N/A |
| The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. | |||||
| CVE-2010-3315 | 1 Apache | 1 Subversion | 2017-09-18 | 6.0 MEDIUM | N/A |
| authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. | |||||
| CVE-2016-4462 | 1 Apache | 1 Ofbiz | 2017-09-12 | 6.5 MEDIUM | 8.8 HIGH |
| By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01 | |||||
| CVE-2016-3086 | 1 Apache | 1 Hadoop | 2017-09-11 | 5.0 MEDIUM | 9.8 CRITICAL |
| The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications. | |||||
| CVE-2017-3155 | 1 Apache | 1 Atlas | 2017-09-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. | |||||
| CVE-2017-3154 | 1 Apache | 1 Atlas | 2017-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. | |||||
| CVE-2017-3152 | 1 Apache | 1 Atlas | 2017-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. | |||||
| CVE-2017-3153 | 1 Apache | 1 Atlas | 2017-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. | |||||
| CVE-2016-8752 | 1 Apache | 1 Atlas | 2017-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. | |||||
| CVE-2017-3150 | 1 Apache | 1 Atlas | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. | |||||
| CVE-2016-1513 | 1 Apache | 1 Openoffice | 2017-08-31 | 6.8 MEDIUM | 7.8 HIGH |
| The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file. | |||||
| CVE-2016-4460 | 1 Apache | 1 Pony Mail | 2017-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | |||||
| CVE-2014-3529 | 1 Apache | 1 Poi | 2017-08-28 | 4.3 MEDIUM | N/A |
| The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-3574 | 1 Apache | 1 Poi | 2017-08-28 | 4.3 MEDIUM | N/A |
| Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack. | |||||
| CVE-2014-0032 | 1 Apache | 1 Subversion | 2017-08-28 | 4.3 MEDIUM | N/A |
| The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command. | |||||
| CVE-2014-3525 | 1 Apache | 1 Traffic Server | 2017-08-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. | |||||
| CVE-2013-2136 | 1 Apache | 1 Cloudstack | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings. | |||||
| CVE-2013-1879 | 1 Apache | 1 Activemq | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message." | |||||