Filtered by vendor Apache
Subscriptions
Total
2605 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1752 | 6 Apache, Apple, Canonical and 3 more | 6 Subversion, Mac Os X, Ubuntu Linux and 3 more | 2025-04-11 | N/A |
| The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. | ||||
| CVE-2013-2154 | 1 Apache | 1 Xml Security For C\+\+ | 2025-04-11 | N/A |
| Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function. | ||||
| CVE-2010-0009 | 1 Apache | 1 Couchdb | 2025-04-11 | N/A |
| Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords. | ||||
| CVE-2013-2153 | 1 Apache | 1 Xml Security For C\+\+ | 2025-04-11 | N/A |
| The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue." | ||||
| CVE-2013-2155 | 1 Apache | 1 Xml Security For C\+\+ | 2025-04-11 | N/A |
| Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions. | ||||
| CVE-2013-2137 | 1 Apache | 1 Ofbiz | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2011-0715 | 2 Apache, Redhat | 2 Subversion, Enterprise Linux | 2025-04-11 | N/A |
| The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. | ||||
| CVE-2013-2136 | 1 Apache | 1 Cloudstack | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings. | ||||
| CVE-2013-2135 | 1 Apache | 1 Struts | 2025-04-11 | N/A |
| Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice. | ||||
| CVE-2013-2112 | 5 Apache, Canonical, Collabnet and 2 more | 5 Subversion, Ubuntu Linux, Subversion and 2 more | 2025-04-11 | N/A |
| The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. | ||||
| CVE-2013-2160 | 2 Apache, Redhat | 4 Cxf, Fuse Esb Enterprise, Jboss Enterprise Portal Platform and 1 more | 2025-04-11 | N/A |
| The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors. | ||||
| CVE-2013-2156 | 1 Apache | 1 Xml Security For C\+\+ | 2025-04-11 | N/A |
| Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute. | ||||
| CVE-2011-1184 | 2 Apache, Redhat | 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more | 2025-04-11 | N/A |
| The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. | ||||
| CVE-2011-1928 | 2 Apache, Redhat | 3 Apr-util, Http Server, Enterprise Linux | 2025-04-11 | N/A |
| The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419. | ||||
| CVE-2011-2526 | 2 Apache, Redhat | 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more | 2025-04-11 | N/A |
| Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. | ||||
| CVE-2013-2055 | 1 Apache | 1 Wicket | 2025-04-11 | N/A |
| Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup. | ||||
| CVE-2010-3315 | 2 Apache, Redhat | 2 Subversion, Enterprise Linux | 2025-04-11 | N/A |
| authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. | ||||
| CVE-2013-1966 | 1 Apache | 1 Struts | 2025-04-11 | N/A |
| Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. | ||||
| CVE-2013-2134 | 1 Apache | 1 Struts | 2025-04-11 | N/A |
| Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135. | ||||
| CVE-2010-3453 | 4 Apache, Canonical, Debian and 1 more | 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more | 2025-04-11 | N/A |
| The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write. | ||||