Filtered by vendor Apache
Subscriptions
Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0110 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2025-04-12 | N/A |
| Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. | ||||
| CVE-2016-3085 | 1 Apache | 1 Cloudstack | 2025-04-12 | N/A |
| Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin. | ||||
| CVE-2016-3089 | 1 Apache | 1 Openmeetings | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter. | ||||
| CVE-2015-2091 | 1 Apache | 1 Mod-gnutls | 2025-04-12 | N/A |
| The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate. | ||||
| CVE-2015-0202 | 2 Apache, Opensuse | 2 Subversion, Opensuse | 2025-04-12 | N/A |
| The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. | ||||
| CVE-2016-2174 | 1 Apache | 1 Ranger | 2025-04-12 | N/A |
| SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. | ||||
| CVE-2016-1513 | 1 Apache | 1 Openoffice | 2025-04-12 | N/A |
| The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file. | ||||
| CVE-2016-8740 | 2 Apache, Redhat | 3 Http Server, Jboss Core Services, Rhel Software Collections | 2025-04-12 | N/A |
| The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. | ||||
| CVE-2016-4979 | 2 Apache, Redhat | 2 Http Server, Rhel Software Collections | 2025-04-12 | N/A |
| The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation. | ||||
| CVE-2016-0760 | 1 Apache | 1 Sentry | 2025-04-12 | N/A |
| Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions. | ||||
| CVE-2016-4430 | 1 Apache | 1 Struts | 2025-04-12 | N/A |
| Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | ||||
| CVE-2016-0735 | 1 Apache | 1 Ranger | 2025-04-12 | N/A |
| Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy. | ||||
| CVE-2014-0034 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2025-04-12 | N/A |
| The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. | ||||
| CVE-2016-0731 | 1 Apache | 1 Ambari | 2025-04-12 | N/A |
| The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | ||||
| CVE-2016-2170 | 1 Apache | 1 Ofbiz | 2025-04-12 | 9.8 Critical |
| Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2016-0712 | 1 Apache | 1 Jetspeed | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal. | ||||
| CVE-2014-3581 | 4 Apache, Canonical, Oracle and 1 more | 12 Http Server, Ubuntu Linux, Enterprise Manager Ops Center and 9 more | 2025-04-12 | N/A |
| The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. | ||||
| CVE-2016-3092 | 5 Apache, Canonical, Debian and 2 more | 9 Commons Fileupload, Tomcat, Ubuntu Linux and 6 more | 2025-04-12 | N/A |
| The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. | ||||
| CVE-2016-3087 | 1 Apache | 1 Struts | 2025-04-12 | N/A |
| Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin. | ||||
| CVE-2016-0711 | 1 Apache | 1 Jetspeed | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource. | ||||