Filtered by vendor Apache
Subscribe
Total
2281 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4295 | 1 Apache | 1 Shindig | 2024-02-28 | 5.0 MEDIUM | N/A |
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2013-6398 | 1 Apache | 1 Cloudstack | 2024-02-28 | 2.8 LOW | N/A |
The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. | |||||
CVE-2012-1149 | 5 Apache, Debian, Fedoraproject and 2 more | 10 Openoffice.org, Debian Linux, Fedora and 7 more | 2024-02-28 | 7.5 HIGH | N/A |
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. | |||||
CVE-2012-4418 | 1 Apache | 1 Axis2 | 2024-02-28 | 5.8 MEDIUM | N/A |
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | |||||
CVE-2012-3467 | 1 Apache | 1 Qpid | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. | |||||
CVE-2012-4534 | 1 Apache | 1 Tomcat | 2024-02-28 | 2.6 LOW | N/A |
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. | |||||
CVE-2012-5783 | 2 Apache, Canonical | 2 Httpclient, Ubuntu Linux | 2024-02-28 | 5.8 MEDIUM | N/A |
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2013-1768 | 1 Apache | 1 Openjpa | 2024-02-28 | 7.5 HIGH | N/A |
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs. | |||||
CVE-2012-5886 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. | |||||
CVE-2012-2665 | 5 Apache, Canonical, Debian and 2 more | 11 Openoffice, Ubuntu Linux, Debian Linux and 8 more | 2024-02-28 | 7.5 HIGH | N/A |
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four. | |||||
CVE-2012-5575 | 2 Apache, Redhat | 6 Cxf, Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform and 3 more | 2024-02-28 | 6.4 MEDIUM | N/A |
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." | |||||
CVE-2013-2172 | 1 Apache | 1 Santuario Xml Security For Java | 2024-02-28 | 4.3 MEDIUM | N/A |
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature." | |||||
CVE-2012-2380 | 1 Apache | 1 Roller | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality. | |||||
CVE-2012-3376 | 1 Apache | 1 Hadoop | 2024-02-28 | 7.5 HIGH | N/A |
DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts. | |||||
CVE-2013-1965 | 1 Apache | 2 Struts, Struts2-showcase | 2024-02-28 | 9.3 HIGH | N/A |
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect. | |||||
CVE-2012-4360 | 2 Apache, Google | 2 Http Server, Mod Pagespeed | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-0941 | 3 Apache, Microsoft, Rsa | 7 Http Server, Internet Information Server, Windows and 4 more | 2024-02-28 | 2.1 LOW | N/A |
EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. | |||||
CVE-2012-3451 | 1 Apache | 1 Cxf | 2024-02-28 | 4.3 MEDIUM | N/A |
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body. | |||||
CVE-2013-2156 | 1 Apache | 1 Xml Security For C\+\+ | 2024-02-28 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute. | |||||
CVE-2013-4517 | 1 Apache | 1 Santuario Xml Security For Java | 2024-02-28 | 4.3 MEDIUM | N/A |
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures. |