Filtered by vendor Apache
Subscriptions
Total
2612 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3502 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | ||||
| CVE-2014-3501 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. | ||||
| CVE-2015-5349 | 1 Apache | 2 Directory Studio, Ldap Studio | 2025-04-12 | 7.8 High |
| The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet. | ||||
| CVE-2015-5343 | 2 Apache, Debian | 2 Subversion, Debian Linux | 2025-04-12 | N/A |
| Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. | ||||
| CVE-2014-3500 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | ||||
| CVE-2014-3503 | 1 Apache | 1 Syncope | 2025-04-12 | N/A |
| Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack. | ||||
| CVE-2014-1972 | 1 Apache | 1 Tapestry | 2025-04-12 | N/A |
| Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data. | ||||
| CVE-2014-1884 | 3 Adobe, Apache, Microsoft | 3 Phonegap, Cordova, Windows Phone | 2025-04-12 | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. | ||||
| CVE-2014-1882 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2025-04-12 | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls. | ||||
| CVE-2014-10022 | 1 Apache | 1 Traffic Server | 2025-04-12 | N/A |
| Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. | ||||
| CVE-2015-5256 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
| Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI. | ||||
| CVE-2014-0232 | 1 Apache | 1 Ofbiz | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message. | ||||
| CVE-2015-6524 | 2 Apache, Fedoraproject | 2 Activemq, Fedora | 2025-04-12 | N/A |
| The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. | ||||
| CVE-2014-0228 | 1 Apache | 1 Hive | 2025-04-12 | N/A |
| Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI. | ||||
| CVE-2015-5253 | 2 Apache, Redhat | 2 Cxf, Jboss Fuse | 2025-04-12 | N/A |
| The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack." | ||||
| CVE-2014-0227 | 2 Apache, Redhat | 11 Tomcat, Enterprise Linux, Jboss Bpms and 8 more | 2025-04-12 | N/A |
| java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. | ||||
| CVE-2014-0116 | 1 Apache | 1 Struts | 2025-04-12 | N/A |
| CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. | ||||
| CVE-2014-0113 | 1 Apache | 1 Struts | 2025-04-12 | N/A |
| CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. | ||||
| CVE-2015-5210 | 1 Apache | 1 Ambari | 2025-04-12 | N/A |
| Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter. | ||||
| CVE-2014-0110 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2025-04-12 | N/A |
| Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. | ||||