Filtered by vendor Apache
Subscriptions
Total
2632 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0684 | 1 Apache | 1 Activemq | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action. | ||||
| CVE-2013-6480 | 1 Apache | 1 Libcloud | 2025-04-11 | N/A |
| Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM. | ||||
| CVE-2011-3376 | 1 Apache | 1 Tomcat | 2025-04-11 | N/A |
| org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality. | ||||
| CVE-2010-3315 | 2 Apache, Redhat | 2 Subversion, Enterprise Linux | 2025-04-11 | N/A |
| authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. | ||||
| CVE-2011-3375 | 2 Apache, Redhat | 2 Tomcat, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data. | ||||
| CVE-2013-4212 | 1 Apache | 1 Roller | 2025-04-11 | N/A |
| Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection." | ||||
| CVE-2010-1244 | 1 Apache | 1 Activemq | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action. | ||||
| CVE-2011-1088 | 1 Apache | 1 Tomcat | 2025-04-11 | N/A |
| Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. | ||||
| CVE-2013-4002 | 10 Apache, Canonical, Hp and 7 more | 31 Xerces2 Java, Ubuntu Linux, Hp-ux and 28 more | 2025-04-11 | N/A |
| XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. | ||||
| CVE-2009-2901 | 1 Apache | 1 Tomcat | 2025-04-11 | N/A |
| The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. | ||||
| CVE-2007-6750 | 1 Apache | 1 Http Server | 2025-04-11 | N/A |
| The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15. | ||||
| CVE-2010-4172 | 2 Apache, Redhat | 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications. | ||||
| CVE-2013-4131 | 1 Apache | 1 Subversion | 2025-04-11 | N/A |
| The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. | ||||
| CVE-2013-4517 | 2 Apache, Redhat | 10 Santuario Xml Security For Java, Jboss Bpms, Jboss Brms and 7 more | 2025-04-11 | N/A |
| Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures. | ||||
| CVE-2010-4008 | 9 Apache, Apple, Canonical and 6 more | 16 Openoffice, Iphone Os, Itunes and 13 more | 2025-04-11 | N/A |
| libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | ||||
| CVE-2010-1452 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. | ||||
| CVE-2010-2791 | 3 Apache, Redhat, Unix | 3 Http Server, Enterprise Linux, Unix | 2025-04-11 | N/A |
| mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions. | ||||
| CVE-2010-3450 | 4 Apache, Canonical, Debian and 1 more | 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files. | ||||
| CVE-2011-1783 | 6 Apache, Apple, Canonical and 3 more | 6 Subversion, Mac Os X, Ubuntu Linux and 3 more | 2025-04-11 | N/A |
| The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. | ||||
| CVE-2010-0395 | 7 Apache, Canonical, Debian and 4 more | 7 Openoffice, Ubuntu Linux, Debian Linux and 4 more | 2025-04-11 | N/A |
| OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. | ||||