Filtered by vendor Apache
Subscribe
Total
2238 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3186 | 1 Apache | 1 Ambari | 2015-11-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change. | |||||
CVE-2015-1775 | 1 Apache | 1 Ambari | 2015-11-04 | 5.5 MEDIUM | N/A |
Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call. | |||||
CVE-2015-1773 | 1 Apache | 1 Flex | 2015-10-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. | |||||
CVE-2014-9593 | 1 Apache | 1 Cloudstack | 2015-01-16 | 5.0 MEDIUM | N/A |
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. | |||||
CVE-2014-10022 | 1 Apache | 1 Traffic Server | 2015-01-14 | 5.0 MEDIUM | N/A |
Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. | |||||
CVE-2014-3502 | 1 Apache | 1 Cordova | 2014-11-17 | 4.3 MEDIUM | N/A |
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | |||||
CVE-2014-3501 | 1 Apache | 1 Cordova | 2014-11-17 | 4.3 MEDIUM | N/A |
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. | |||||
CVE-2014-3500 | 1 Apache | 1 Cordova | 2014-11-17 | 6.4 MEDIUM | N/A |
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | |||||
CVE-2014-0074 | 1 Apache | 1 Shiro | 2014-10-07 | 7.5 HIGH | N/A |
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password. | |||||
CVE-2013-6398 | 1 Apache | 1 Cloudstack | 2014-09-04 | 2.8 LOW | N/A |
The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. | |||||
CVE-2013-6407 | 1 Apache | 1 Solr | 2014-07-17 | 6.4 MEDIUM | N/A |
The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2012-5649 | 1 Apache | 1 Couchdb | 2014-05-30 | 6.8 MEDIUM | N/A |
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | |||||
CVE-2013-4310 | 1 Apache | 1 Struts | 2014-05-05 | 5.8 MEDIUM | N/A |
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. | |||||
CVE-2013-7372 | 2 Apache, Google | 2 Harmony, Android | 2014-04-30 | 5.0 MEDIUM | N/A |
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013. | |||||
CVE-2013-1777 | 2 Apache, Ibm | 2 Geronimo, Websphere Application Server | 2014-04-01 | 10.0 HIGH | N/A |
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object. | |||||
CVE-2012-6612 | 1 Apache | 1 Solr | 2014-03-08 | 7.5 HIGH | N/A |
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407. | |||||
CVE-2012-6637 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2014-03-03 | 7.5 HIGH | N/A |
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring. | |||||
CVE-2014-1881 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2014-03-03 | 7.5 HIGH | N/A |
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization. | |||||
CVE-2014-1884 | 3 Adobe, Apache, Microsoft | 3 Phonegap, Cordova, Windows Phone | 2014-03-03 | 7.5 HIGH | N/A |
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. | |||||
CVE-2014-1882 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2014-03-03 | 7.5 HIGH | N/A |
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls. |