Filtered by vendor Apache
Subscribe
Total
2238 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0743 | 1 Apache | 1 Log4net | 2017-07-20 | 5.0 MEDIUM | N/A |
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | |||||
CVE-2017-7664 | 1 Apache | 1 Openmeetings | 2017-07-19 | 7.5 HIGH | 10.0 CRITICAL |
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | |||||
CVE-2017-7663 | 1 Apache | 1 Openmeetings | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | |||||
CVE-2017-7666 | 1 Apache | 1 Openmeetings | 2017-07-19 | 6.8 MEDIUM | 8.8 HIGH |
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | |||||
CVE-2017-7681 | 1 Apache | 1 Openmeetings | 2017-07-19 | 6.5 MEDIUM | 8.8 HIGH |
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. | |||||
CVE-2017-7683 | 1 Apache | 1 Openmeetings | 2017-07-19 | 5.0 MEDIUM | 7.5 HIGH |
Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | |||||
CVE-2017-5659 | 1 Apache | 1 Traffic Server | 2017-07-11 | 5.0 MEDIUM | 7.5 HIGH |
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | |||||
CVE-2016-5396 | 1 Apache | 1 Traffic Server | 2017-07-11 | 7.8 HIGH | 7.5 HIGH |
Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | |||||
CVE-2005-0808 | 1 Apache | 1 Tomcat | 2017-07-11 | 5.0 MEDIUM | N/A |
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | |||||
CVE-2005-0108 | 1 Apache | 1 Mod Auth Radius | 2017-07-11 | 5.0 MEDIUM | N/A |
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument. | |||||
CVE-2004-1575 | 1 Apache | 1 Xerces-c\+\+ | 2017-07-11 | 5.0 MEDIUM | N/A |
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document. | |||||
CVE-2003-1172 | 1 Apache | 1 Cocoon | 2017-07-11 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter. | |||||
CVE-2003-0044 | 1 Apache | 1 Tomcat | 2017-07-11 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. | |||||
CVE-2003-0042 | 1 Apache | 1 Tomcat | 2017-07-11 | 5.0 MEDIUM | N/A |
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. | |||||
CVE-2002-1658 | 1 Apache | 1 Http Server | 2017-07-11 | 4.6 MEDIUM | N/A |
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | |||||
CVE-2001-1563 | 2 Apache, Hp | 2 Tomcat, Secure Os | 2017-07-11 | 7.5 HIGH | N/A |
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers. | |||||
CVE-2001-1449 | 2 Apache, Mandrakesoft | 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | |||||
CVE-2017-7686 | 1 Apache | 1 Ignite | 2017-07-06 | 5.0 MEDIUM | 7.5 HIGH |
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information. | |||||
CVE-2015-5259 | 1 Apache | 1 Subversion | 2017-07-01 | 9.0 HIGH | 8.6 HIGH |
Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. | |||||
CVE-2015-5214 | 4 Apache, Canonical, Debian and 1 more | 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more | 2017-07-01 | 6.8 MEDIUM | N/A |
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file. |