Filtered by vendor Apache
Subscribe
Total
2238 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0031 | 1 Apache | 1 Cloudstack | 2014-02-25 | 4.0 MEDIUM | N/A |
The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. | |||||
CVE-2013-2055 | 1 Apache | 1 Wicket | 2014-02-11 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup. | |||||
CVE-2013-4505 | 1 Apache | 2 Mod Dontdothat, Subversion | 2013-12-20 | 2.6 LOW | N/A |
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. | |||||
CVE-2013-4171 | 1 Apache | 1 Roller | 2013-12-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates. | |||||
CVE-2013-6348 | 1 Apache | 1 Struts | 2013-11-25 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/. | |||||
CVE-2013-4390 | 1 Apache | 2 Sling, Sling Auth Core Component | 2013-10-25 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS." | |||||
CVE-2013-4295 | 1 Apache | 1 Shindig | 2013-10-24 | 5.0 MEDIUM | N/A |
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2013-5697 | 2 Apache, Simone Tellini | 2 Http Server, Mod Accounting | 2013-10-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header. | |||||
CVE-2012-2380 | 1 Apache | 1 Roller | 2013-10-04 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality. | |||||
CVE-2012-2381 | 1 Apache | 1 Roller | 2013-10-03 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role. | |||||
CVE-2013-1814 | 1 Apache | 1 Rave | 2013-07-03 | 4.0 MEDIUM | N/A |
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response. | |||||
CVE-2013-0941 | 3 Apache, Microsoft, Rsa | 7 Http Server, Internet Information Server, Windows and 4 more | 2013-05-23 | 2.1 LOW | N/A |
EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. | |||||
CVE-2013-0942 | 3 Apache, Emc, Microsoft | 3 Http Server, Rsa Authentication Agent, Internet Information Server | 2013-05-22 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-0256 | 1 Apache | 1 Traffic Server | 2013-03-26 | 5.0 MEDIUM | N/A |
Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header. | |||||
CVE-2012-4458 | 1 Apache | 1 Qpid | 2013-03-19 | 5.0 MEDIUM | N/A |
The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message. | |||||
CVE-2012-4459 | 1 Apache | 1 Qpid | 2013-03-19 | 5.0 MEDIUM | N/A |
Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read. | |||||
CVE-2012-4446 | 1 Apache | 1 Qpid | 2013-03-19 | 6.8 MEDIUM | N/A |
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request. | |||||
CVE-2012-4418 | 1 Apache | 1 Axis2 | 2013-01-30 | 5.8 MEDIUM | N/A |
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | |||||
CVE-2012-4501 | 2 Apache, Citrix | 2 Cloudstack, Cloudstack | 2012-10-26 | 10.0 HIGH | N/A |
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. | |||||
CVE-2011-3620 | 1 Apache | 1 Qpid | 2012-08-14 | 7.5 HIGH | N/A |
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username. |