Filtered by vendor Apache
Subscriptions
Total
2529 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-5344 | 2 Apache, Redhat | 2 Camel, Jboss Fuse | 2025-04-12 | N/A |
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | ||||
CVE-2015-8796 | 1 Apache | 1 Solr | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. | ||||
CVE-2014-3502 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | ||||
CVE-2014-8109 | 4 Apache, Canonical, Fedoraproject and 1 more | 4 Http Server, Ubuntu Linux, Fedora and 1 more | 2025-04-12 | N/A |
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. | ||||
CVE-2014-3501 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. | ||||
CVE-2014-8152 | 1 Apache | 1 Santuario Xml Security For Java | 2025-04-12 | N/A |
Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document. | ||||
CVE-2015-0899 | 1 Apache | 1 Struts | 2025-04-12 | N/A |
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. | ||||
CVE-2014-3500 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | ||||
CVE-2014-3503 | 1 Apache | 1 Syncope | 2025-04-12 | N/A |
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack. | ||||
CVE-2015-5345 | 4 Apache, Canonical, Debian and 1 more | 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more | 2025-04-12 | N/A |
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. | ||||
CVE-2014-2668 | 1 Apache | 1 Couchdb | 2025-04-12 | N/A |
Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. | ||||
CVE-2016-0709 | 1 Apache | 1 Jetspeed | 2025-04-12 | N/A |
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp." | ||||
CVE-2015-5256 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI. | ||||
CVE-2014-1972 | 1 Apache | 1 Tapestry | 2025-04-12 | N/A |
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data. | ||||
CVE-2014-1884 | 3 Adobe, Apache, Microsoft | 3 Phonegap, Cordova, Windows Phone | 2025-04-12 | N/A |
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. | ||||
CVE-2014-1882 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2025-04-12 | N/A |
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls. | ||||
CVE-2014-1881 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2025-04-12 | N/A |
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization. | ||||
CVE-2015-0228 | 5 Apache, Apple, Canonical and 2 more | 6 Http Server, Mac Os X, Mac Os X Server and 3 more | 2025-04-12 | N/A |
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. | ||||
CVE-2015-5259 | 1 Apache | 1 Subversion | 2025-04-12 | N/A |
Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. | ||||
CVE-2014-10022 | 1 Apache | 1 Traffic Server | 2025-04-12 | N/A |
Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. |