Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2013-2192
The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by...
Apache Hadoop 0.23.3Apache Hadoop 0.23.4Apache Hadoop 1.1.2Apache Hadoop 1.2.0Apache Hadoop 2.0.0Apache Hadoop 2.0.2Apache Hadoop 2.0.3Apache Hadoop 0.23.7Apache Hadoop 0.23.8Apache Hadoop 1.0.4Apache Hadoop 1.0.0Apache Hadoop 1.0.1Apache Hadoop 2.0.4Apache Hadoop 2.0.5Apache Hadoop 1.1.0Apache Hadoop 1.1.1Apache Hadoop 1.0.2Apache Hadoop 1.0.3Apache Hadoop 2.0.1Apache Hadoop 0.23.5Apache Hadoop 0.23.6Apache Hadoop 0.23.0Apache Hadoop 0.23.1
7.2
CVSSv3
CVE-2018-1321
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to...
Apache Syncope 1.0.8Apache Syncope 1.1.0Apache Syncope 1.1.7Apache Syncope 1.2.0Apache Syncope 1.0.0Apache Syncope 1.0.4Apache Syncope 1.0.5Apache Syncope 1.0.6Apache SyncopeApache Syncope 1.1.1Apache Syncope 1.1.2Apache Syncope 1.1.3Apache Syncope 1.1.4Apache Syncope 1.1.5Apache Syncope 1.0.7Apache Syncope 1.0.9Apache Syncope 1.1.6Apache Syncope 1.1.8
NA
CVE-2012-4460
The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read,...
Apache Qpid 0.14Apache Qpid 0.7Apache Qpid 0.15Apache Qpid 0.10Apache Qpid 0.17Apache QpidApache Qpid 0.9Apache Qpid 0.13Apache Qpid 0.6Apache Qpid 0.11Apache Qpid 0.12Apache Qpid 0.18Apache Qpid 0.16Apache Qpid 0.19Apache Qpid 0.5Apache Qpid 0.8
NA
CVE-2011-1772
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an...
Apache Struts 2.0.8Apache Struts 2.0.6Apache Struts 2.0.13Apache Struts 2.0.12Apache Struts 2.0.10Apache Struts 2.0.0Apache Struts 2.0.11.2Apache Struts 2.0.11.1Apache Struts 2.1.2Apache Struts 2.0.14Apache Struts 2.0.4Apache Struts 2.0.7Apache Struts 2.2.1.1Apache Struts 2.0.11Apache Struts 2.0.9Apache Struts 2.2.1Apache Struts 2.1.3Apache Struts 2.1.0Apache Struts 2.1.8Apache Struts 2.1.8.1Apache Struts 2.0.2Apache Struts 2.0.5Apache Struts 2.1.5Apache Struts 2.1.4Apache Struts 2.1.6Apache Struts 2.1.1Apache Struts 2.0.1Apache Struts 2.0.3Opensymphony XworkOpensymphony Webwork
NA
CVE-2007-3383
Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and...
Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.1.2Apache Tomcat 4.1.24Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 4.1.28Apache Tomcat 4.1.3Apache Tomcat 4.1.31Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.1.10Apache Tomcat 4.1.15Apache Tomcat 4.0.0Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.36
6.1
CVSSv3
CVE-2016-6800
The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the...
Apache Ofbiz 12.04.06Apache Ofbiz 11.04Apache Ofbiz 11.04.01Apache Ofbiz 11.04.02Apache Ofbiz 13.07.01Apache Ofbiz 12.04.02Apache Ofbiz 12.04.04Apache Ofbiz 11.04.04Apache Ofbiz 11.04.06Apache Ofbiz 13.07.02Apache Ofbiz 13.07.03Apache Ofbiz 12.04Apache Ofbiz 12.04.01Apache Ofbiz 13.07Apache Ofbiz 12.04.03Apache Ofbiz 12.04.05Apache Ofbiz 11.04.03Apache Ofbiz 11.04.05
7.5
CVSSv3
CVE-2011-4343
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters....
Apache Myfaces 2.0.1Apache Myfaces 2.1.3Apache Myfaces 2.1.4Apache Myfaces 2.0.4Apache Myfaces 2.1.0Apache Myfaces 2.0.7Apache Myfaces 2.0.8Apache Myfaces 2.1.1Apache Myfaces 2.1.2Apache Myfaces 2.0.9Apache Myfaces 2.0.10Apache Myfaces 2.0.2Apache Myfaces 2.0.3Apache Myfaces 2.0.5Apache Myfaces 2.0.6
NA
CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm....
Opensuse Opensuse 12.3Opensuse Opensuse 13.1Apache Subversion 1.3.0Apache Subversion 1.1.0Apache Subversion 1.1.1Apache Subversion 1.0.3Apache Subversion 1.0.4Apache Subversion 1.8.8Apache Subversion 1.8.9Apache Subversion 1.8.6Apache Subversion 1.7.16Apache Subversion 1.7.14Apache Subversion 1.7.15Apache Subversion 1.7.2Apache Subversion 1.7.9Apache Subversion 1.6.0Apache Subversion 1.6.15Apache Subversion 1.6.16Apache Subversion 1.6.23Apache Subversion 1.6.3Apache Subversion 1.6.4Apache Subversion 1.5.1Apache Subversion 1.5.2Apache Subversion 1.4.0Apache Subversion 1.4.1Apache Subversion 1.3.1Apache Subversion 1.3.2Apache Subversion 1.1.2Apache Subversion 1.1.3Apache Subversion 1.0.5Apache Subversion 1.0.6Apache Subversion 1.0.7Apache Subversion 1.8.0Apache Subversion 1.8.1Apache Subversion 1.7.0Apache Subversion 1.7.1Apache Subversion 1.7.3Apache Subversion 1.7.4Apache Subversion 1.6.1Apache Subversion 1.6.10Apache Subversion 1.6.17Apache Subversion 1.6.18Apache Subversion 1.6.5Apache Subversion 1.6.6Apache Subversion 1.5.3Apache Subversion 1.5.4Apache Subversion 1.4.2Apache Subversion 1.4.3Apache Subversion 1.2.2Apache Subversion 1.2.3Apache Subversion 1.0.1Apache Subversion 1.0.2Apache Subversion 1.7.17Apache Subversion 1.8.7Apache Subversion 1.8.4Apache Subversion 1.8.5Apache Subversion 1.7.12Apache Subversion 1.7.13Apache Subversion 1.7.7Apache Subversion 1.7.8Apache Subversion 1.6.13Apache Subversion 1.6.14Apache Subversion 1.6.20Apache Subversion 1.6.21Apache Subversion 1.6.9Apache Subversion 1.5.0Apache Subversion 1.5.7Apache Subversion 1.5.8Apache Subversion 1.4.6Apache Subversion 1.2.0Apache Subversion 1.2.1Apache Subversion 1.1.4Apache Subversion 1.0.0Apache Subversion 1.0.8Apache Subversion 1.0.9Apache Subversion 1.8.2Apache Subversion 1.8.3Apache Subversion 1.7.10Apache Subversion 1.7.11Apache Subversion 1.7.5Apache Subversion 1.7.6Apache Subversion 1.6.11Apache Subversion 1.6.12Apache Subversion 1.6.19Apache Subversion 1.6.2Apache Subversion 1.6.7Apache Subversion 1.6.8Apache Subversion 1.5.5Apache Subversion 1.5.6Apache Subversion 1.4.4Apache Subversion 1.4.5Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Apple Xcode 6.1.1Redhat Enterprise Linux Workstation 6.0Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server 7.0Redhat Enterprise Linux Hpc Node 7.0Redhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux Server Eus 6.6.zRedhat Enterprise Linux Hpc Node 6.0Redhat Enterprise Linux Desktop 7.0
NA
CVE-2002-2006
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets....
Apache Tomcat 3.0Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 3.2Apache Tomcat 3.2.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 3.1Apache Tomcat 3.1.1Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 4.1.0
7.5
CVSSv3
CVE-2015-0899
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter....
Apache Struts 1.3.10Apache Struts 1.2.9Apache Struts 1.1Apache Struts 1.2.6Apache Struts 1.2.4Apache Struts 1.0.2Apache Struts 1.0Apache Struts 1.2.8Apache Struts 1.2.7Apache Struts 1.3.8Apache Struts 1.3.5Apache Struts 1.2.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2023-21068CVE-2023-21077unspecifiedCVE-2023-21070CVE-2023-21016file upload
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook