Filtered by vendor Apache
Subscriptions
Total
2327 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7611 | 1 Apache | 1 James Server | 2024-08-06 | N/A |
| Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors. | ||||
| CVE-2015-7520 | 1 Apache | 1 Wicket | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element. | ||||
| CVE-2015-7430 | 1 Apache | 1 Hadoop | 2024-08-06 | N/A |
| The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors. | ||||
| CVE-2015-6524 | 2 Apache, Fedoraproject | 2 Activemq, Fedora | 2024-08-06 | N/A |
| The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. | ||||
| CVE-2015-6420 | 1 Apache | 1 Commons Collections | 2024-08-06 | N/A |
| Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
| CVE-2015-5344 | 2 Apache, Redhat | 2 Camel, Jboss Fuse | 2024-08-06 | N/A |
| The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | ||||
| CVE-2015-5343 | 2 Apache, Debian | 2 Subversion, Debian Linux | 2024-08-06 | N/A |
| Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. | ||||
| CVE-2015-5346 | 4 Apache, Canonical, Debian and 1 more | 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more | 2024-08-06 | N/A |
| Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. | ||||
| CVE-2015-5347 | 1 Apache | 1 Wicket | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title. | ||||
| CVE-2015-5351 | 4 Apache, Canonical, Debian and 1 more | 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more | 2024-08-06 | N/A |
| The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. | ||||
| CVE-2015-5348 | 2 Apache, Redhat | 2 Camel, Jboss Fuse | 2024-08-06 | N/A |
| Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | ||||
| CVE-2015-5345 | 4 Apache, Canonical, Debian and 1 more | 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more | 2024-08-06 | N/A |
| The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. | ||||
| CVE-2015-5349 | 1 Apache | 2 Directory Studio, Ldap Studio | 2024-08-06 | 7.8 High |
| The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet. | ||||
| CVE-2015-5262 | 3 Apache, Canonical, Fedoraproject | 3 Httpclient, Ubuntu Linux, Fedora | 2024-08-06 | N/A |
| http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. | ||||
| CVE-2015-5175 | 1 Apache | 1 Cxf Fediz | 2024-08-06 | N/A |
| Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. | ||||
| CVE-2015-5208 | 1 Apache | 1 Cordova | 2024-08-06 | N/A |
| Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. | ||||
| CVE-2015-5253 | 2 Apache, Redhat | 2 Cxf, Jboss Fuse | 2024-08-06 | N/A |
| The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack." | ||||
| CVE-2015-5206 | 1 Apache | 1 Traffic Server | 2024-08-06 | N/A |
| Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. | ||||
| CVE-2015-5256 | 1 Apache | 1 Cordova | 2024-08-06 | N/A |
| Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI. | ||||
| CVE-2015-5169 | 1 Apache | 1 Struts | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. | ||||