Filtered by vendor Apache
Subscriptions
Total
2769 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2162 | 1 Apache | 1 Struts | 2025-04-12 | N/A |
| Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display. | ||||
| CVE-2014-0095 | 1 Apache | 1 Tomcat | 2025-04-12 | N/A |
| java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing. | ||||
| CVE-2016-2167 | 1 Apache | 1 Subversion | 2025-04-12 | N/A |
| The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. | ||||
| CVE-2011-4367 | 1 Apache | 1 Myfaces | 2025-04-12 | 7.5 High |
| Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/. | ||||
| CVE-2016-4463 | 3 Apache, Debian, Redhat | 4 Xerces-c\+\+, Debian Linux, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. | ||||
| CVE-2014-3629 | 1 Apache | 1 Qpid | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. | ||||
| CVE-2015-5345 | 4 Apache, Canonical, Debian and 1 more | 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more | 2025-04-12 | N/A |
| The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. | ||||
| CVE-2014-0230 | 3 Apache, Oracle, Redhat | 5 Tomcat, Virtualization, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. | ||||
| CVE-2014-3584 | 2 Apache, Redhat | 2 Cxf, Jboss Fuse | 2025-04-12 | N/A |
| The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service. | ||||
| CVE-2016-6801 | 2 Apache, Debian | 2 Jackrabbit, Debian Linux | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header. | ||||
| CVE-2014-8110 | 1 Apache | 1 Activemq | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-3529 | 2 Apache, Redhat | 6 Poi, Jboss Bpms, Jboss Brms and 3 more | 2025-04-12 | N/A |
| The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2012-5650 | 1 Apache | 1 Couchdb | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite. | ||||
| CVE-2014-3525 | 1 Apache | 1 Traffic Server | 2025-04-12 | N/A |
| Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. | ||||
| CVE-2014-3502 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | ||||
| CVE-2015-7520 | 1 Apache | 1 Wicket | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element. | ||||
| CVE-2014-3501 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. | ||||
| CVE-2015-1830 | 2 Apache, Microsoft | 2 Activemq, Windows | 2025-04-12 | N/A |
| Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors. | ||||
| CVE-2014-3500 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | ||||
| CVE-2010-5312 | 7 Apache, Debian, Drupal and 4 more | 7 Drill, Debian Linux, Drupal and 4 more | 2025-04-12 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. | ||||