Filtered by vendor Apache
Subscribe
Total
2281 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2098 | 1 Apache | 1 Commons Compress | 2024-02-28 | 5.0 MEDIUM | N/A |
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs. | |||||
CVE-2013-2088 | 3 Apache, Collabnet, Opensuse | 3 Subversion, Subversion, Opensuse | 2024-02-28 | 7.1 HIGH | N/A |
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. | |||||
CVE-2012-5568 | 2 Apache, Opensuse | 2 Tomcat, Opensuse | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | |||||
CVE-2012-0256 | 1 Apache | 1 Traffic Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header. | |||||
CVE-2013-4277 | 1 Apache | 1 Subversion | 2024-02-28 | 3.3 LOW | N/A |
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. | |||||
CVE-2012-2687 | 1 Apache | 1 Http Server | 2024-02-28 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. | |||||
CVE-2013-1777 | 2 Apache, Ibm | 2 Geronimo, Websphere Application Server | 2024-02-28 | 10.0 HIGH | N/A |
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object. | |||||
CVE-2012-6612 | 1 Apache | 1 Solr | 2024-02-28 | 7.5 HIGH | N/A |
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407. | |||||
CVE-2012-2381 | 1 Apache | 1 Roller | 2024-02-28 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role. | |||||
CVE-2013-1849 | 1 Apache | 1 Subversion | 2024-02-28 | 4.3 MEDIUM | N/A |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. | |||||
CVE-2012-5633 | 1 Apache | 1 Cxf | 2024-02-28 | 5.8 MEDIUM | N/A |
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. | |||||
CVE-2013-1845 | 2 Apache, Opensuse | 2 Subversion, Opensuse | 2024-02-28 | 2.1 LOW | N/A |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. | |||||
CVE-2012-4459 | 1 Apache | 1 Qpid | 2024-02-28 | 5.0 MEDIUM | N/A |
Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read. | |||||
CVE-2013-5697 | 2 Apache, Simone Tellini | 2 Http Server, Mod Accounting | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header. | |||||
CVE-2013-1879 | 1 Apache | 1 Activemq | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message." | |||||
CVE-2013-1847 | 1 Apache | 1 Subversion | 2024-02-28 | 5.0 MEDIUM | N/A |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. | |||||
CVE-2013-2154 | 1 Apache | 1 Xml Security For C\+\+ | 2024-02-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function. | |||||
CVE-2012-5351 | 1 Apache | 1 Axis2 | 2024-02-28 | 6.4 MEDIUM | N/A |
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418. | |||||
CVE-2013-4212 | 1 Apache | 1 Roller | 2024-02-28 | 6.8 MEDIUM | N/A |
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection." | |||||
CVE-2012-0037 | 6 Apache, Debian, Fedoraproject and 3 more | 13 Openoffice, Debian Linux, Fedora and 10 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. |