Filtered by vendor Apache
Subscribe
Total
2372 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3353 | 1 Apache | 1 Sling Jcr Contentloader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader | |||||
| CVE-2012-2945 | 1 Apache | 1 Hadoop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Hadoop 1.0.3 contains a symlink vulnerability. | |||||
| CVE-2012-1592 | 1 Apache | 1 Struts | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. | |||||
| CVE-2011-3923 | 2 Apache, Redhat | 2 Struts, Jboss Enterprise Web Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | |||||
| CVE-2011-3600 | 1 Apache | 1 Ofbiz | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04. | |||||
| CVE-2011-2767 | 4 Apache, Canonical, Debian and 1 more | 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | |||||
| CVE-2011-2487 | 2 Apache, Redhat | 10 Cxf, Wss4j, Jboss Business Rules Management System and 7 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. | |||||
| CVE-2011-2177 | 1 Apache | 1 Openoffice | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools. | |||||
| CVE-2009-5004 | 1 Apache | 1 Qpid-cpp | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use . | |||||
| CVE-2009-4267 | 1 Apache | 1 Juddi | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter. | |||||
| CVE-2024-42361 | 1 Apache | 1 Hertzbeat | 2024-08-28 | N/A | 9.8 CRITICAL |
| Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection. | |||||
| CVE-2024-42362 | 1 Apache | 1 Hertzbeat | 2024-08-28 | N/A | 8.8 HIGH |
| Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0. | |||||