Filtered by vendor Apache Subscriptions

Search

Switch to Advanced Search (Beta)
Total 2647 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-2487 2 Apache, Redhat 12 Cxf, Wss4j, Jboss Business Rules Management System and 9 more 2024-11-21 5.9 Medium
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
CVE-2011-2177 1 Apache 1 Openoffice 2024-11-21 7.8 High
OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.
CVE-2009-5004 2 Apache, Redhat 2 Qpid-cpp, Enterprise Mrg 2024-11-21 6.5 Medium
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use .
CVE-2009-4267 1 Apache 1 Juddi 2024-11-21 N/A
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.
CVE-2024-42361 1 Apache 1 Hertzbeat 2024-09-03 7.5 High
Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection.
CVE-2024-42362 2 Apache, Dromara 2 Hertzbeat, Hertzbeat 2024-08-28 8.8 High
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.
CVE-2016-4347 1 Apache 1 Tomcat 2023-11-07 N/A
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7558. Reason: This candidate is a reservation duplicate of CVE-2015-7558. Notes: All CVE users should reference CVE-2015-7558 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage