Filtered by vendor Apache
Subscriptions
Total
2632 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1773 | 1 Apache | 1 Flex | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. | ||||
| CVE-2015-5259 | 1 Apache | 1 Subversion | 2025-04-12 | N/A |
| Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. | ||||
| CVE-2014-3596 | 2 Apache, Redhat | 3 Axis, Enterprise Linux, Jboss Enterprise Portal Platform | 2025-04-12 | N/A |
| The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784. | ||||
| CVE-2014-3580 | 4 Apache, Apple, Debian and 1 more | 9 Subversion, Xcode, Debian Linux and 6 more | 2025-04-12 | N/A |
| The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. | ||||
| CVE-2016-0956 | 5 Adobe, Apache, Apple and 2 more | 5 Experience Manager, Sling, Mac Os X and 2 more | 2025-04-12 | N/A |
| The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-3584 | 2 Apache, Redhat | 2 Cxf, Jboss Fuse | 2025-04-12 | N/A |
| The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service. | ||||
| CVE-2016-0709 | 1 Apache | 1 Jetspeed | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp." | ||||
| CVE-2015-1832 | 1 Apache | 1 Derby | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype. | ||||
| CVE-2015-3183 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Jboss Enterprise Application Platform and 2 more | 2025-04-12 | N/A |
| The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c. | ||||
| CVE-2014-3574 | 2 Apache, Redhat | 6 Poi, Jboss Bpms, Jboss Brms and 3 more | 2025-04-12 | N/A |
| Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack. | ||||
| CVE-2015-3184 | 3 Apache, Apple, Redhat | 4 Http Server, Subversion, Xcode and 1 more | 2025-04-12 | N/A |
| mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. | ||||
| CVE-2014-0050 | 3 Apache, Oracle, Redhat | 16 Commons Fileupload, Tomcat, Retail Applications and 13 more | 2025-04-12 | N/A |
| MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. | ||||
| CVE-2014-3525 | 1 Apache | 1 Traffic Server | 2025-04-12 | N/A |
| Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. | ||||
| CVE-2014-3503 | 1 Apache | 1 Syncope | 2025-04-12 | N/A |
| Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack. | ||||
| CVE-2014-3502 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | ||||
| CVE-2016-2164 | 1 Apache | 1 Openmeetings | 2025-04-12 | N/A |
| The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file. | ||||
| CVE-2015-1833 | 1 Apache | 1 Jackrabbit | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request. | ||||
| CVE-2015-3187 | 3 Apache, Apple, Redhat | 3 Subversion, Xcode, Enterprise Linux | 2025-04-12 | N/A |
| The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. | ||||
| CVE-2015-5344 | 2 Apache, Redhat | 2 Camel, Jboss Fuse | 2025-04-12 | N/A |
| The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | ||||
| CVE-2012-1621 | 1 Apache | 1 Ofbiz | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information. | ||||