Filtered by vendor Apache
Subscriptions
Total
2826 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0714 | 4 Apache, Canonical, Debian and 1 more | 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more | 2025-04-12 | N/A |
| The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. | ||||
| CVE-2016-0731 | 1 Apache | 1 Ambari | 2025-04-12 | N/A |
| The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | ||||
| CVE-2016-0712 | 1 Apache | 1 Jetspeed | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal. | ||||
| CVE-2016-0711 | 1 Apache | 1 Jetspeed | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource. | ||||
| CVE-2016-0707 | 1 Apache | 1 Ambari | 2025-04-12 | N/A |
| The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories. | ||||
| CVE-2016-2163 | 1 Apache | 1 Openmeetings | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event. | ||||
| CVE-2014-8152 | 1 Apache | 1 Santuario Xml Security For Java | 2025-04-12 | N/A |
| Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document. | ||||
| CVE-2014-3580 | 4 Apache, Apple, Debian and 1 more | 9 Subversion, Xcode, Debian Linux and 6 more | 2025-04-12 | N/A |
| The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. | ||||
| CVE-2015-8796 | 1 Apache | 1 Solr | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. | ||||
| CVE-2015-8320 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
| Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value. | ||||
| CVE-2015-7611 | 1 Apache | 1 James Server | 2025-04-12 | N/A |
| Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors. | ||||
| CVE-2015-7521 | 1 Apache | 1 Hive | 2025-04-12 | N/A |
| The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations. | ||||
| CVE-2015-5351 | 4 Apache, Canonical, Debian and 1 more | 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more | 2025-04-12 | N/A |
| The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. | ||||
| CVE-2015-5344 | 2 Apache, Redhat | 2 Camel, Jboss Fuse | 2025-04-12 | N/A |
| The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | ||||
| CVE-2015-5256 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
| Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI. | ||||
| CVE-2015-5253 | 2 Apache, Redhat | 2 Cxf, Jboss Fuse | 2025-04-12 | N/A |
| The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack." | ||||
| CVE-2015-7430 | 1 Apache | 1 Hadoop | 2025-04-12 | N/A |
| The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors. | ||||
| CVE-2015-5204 | 1 Apache | 1 Cordova File Transfer | 2025-04-12 | N/A |
| CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. | ||||
| CVE-2015-5167 | 1 Apache | 1 Ranger | 2025-04-12 | N/A |
| The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API. | ||||
| CVE-2015-3185 | 4 Apache, Apple, Canonical and 1 more | 8 Http Server, Mac Os X, Mac Os X Server and 5 more | 2025-04-12 | N/A |
| The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. | ||||