Filtered by vendor Apache
Subscriptions
Total
2327 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3271 | 1 Apache | 1 Tika | 2024-08-06 | N/A |
| Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header. | ||||
| CVE-2015-3249 | 1 Apache | 1 Traffic Server | 2024-08-06 | N/A |
| The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function. | ||||
| CVE-2015-3254 | 2 Apache, Redhat | 4 Thrift, Jboss Amq, Jboss Data Virtualization and 1 more | 2024-08-06 | N/A |
| The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. | ||||
| CVE-2015-3268 | 1 Apache | 1 Ofbiz | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element. | ||||
| CVE-2015-3251 | 1 Apache | 1 Cloudstack | 2024-08-06 | N/A |
| Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls. | ||||
| CVE-2015-3188 | 1 Apache | 1 Storm | 2024-08-06 | N/A |
| The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-3183 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Jboss Enterprise Application Platform and 2 more | 2024-08-06 | N/A |
| The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c. | ||||
| CVE-2015-3185 | 4 Apache, Apple, Canonical and 1 more | 8 Http Server, Mac Os X, Mac Os X Server and 5 more | 2024-08-06 | N/A |
| The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. | ||||
| CVE-2015-3184 | 3 Apache, Apple, Redhat | 4 Http Server, Subversion, Xcode and 1 more | 2024-08-06 | N/A |
| mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. | ||||
| CVE-2015-3187 | 3 Apache, Apple, Redhat | 3 Subversion, Xcode, Enterprise Linux | 2024-08-06 | N/A |
| The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. | ||||
| CVE-2015-3186 | 1 Apache | 1 Ambari | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change. | ||||
| CVE-2015-2992 | 1 Apache | 1 Struts | 2024-08-06 | 6.1 Medium |
| Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2015-2944 | 1 Apache | 2 Sling Api, Sling Servlets Post | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse. | ||||
| CVE-2015-2091 | 1 Apache | 1 Mod-gnutls | 2024-08-06 | N/A |
| The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate. | ||||
| CVE-2015-1774 | 6 Apache, Canonical, Debian and 3 more | 9 Openoffice, Ubuntu Linux, Debian Linux and 6 more | 2024-08-06 | N/A |
| The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write. | ||||
| CVE-2015-1836 | 2 Apache, Ibm | 2 Hbase, Infosphere Biginsights | 2024-08-06 | N/A |
| Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic. | ||||
| CVE-2015-1831 | 1 Apache | 1 Struts | 2024-08-06 | N/A |
| The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors. | ||||
| CVE-2015-1832 | 1 Apache | 1 Derby | 2024-08-06 | N/A |
| XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype. | ||||
| CVE-2015-1835 | 1 Apache | 1 Cordova | 2024-08-06 | N/A |
| Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL. | ||||
| CVE-2015-1833 | 1 Apache | 1 Jackrabbit | 2024-08-06 | N/A |
| XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request. | ||||