Filtered by vendor Apache
Subscriptions
Total
2398 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3528 | 5 Apache, Apple, Canonical and 2 more | 10 Subversion, Xcode, Ubuntu Linux and 7 more | 2024-11-21 | N/A |
| Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. | ||||
| CVE-2014-3526 | 1 Apache | 1 Wicket | 2024-11-21 | 7.5 High |
| Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions. | ||||
| CVE-2014-3525 | 1 Apache | 1 Traffic Server | 2024-11-21 | N/A |
| Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. | ||||
| CVE-2014-3524 | 2 Apache, Libreoffice | 2 Openoffice, Libreoffice | 2024-11-21 | N/A |
| Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. | ||||
| CVE-2014-3523 | 3 Apache, Microsoft, Redhat | 3 Http Server, Windows, Jboss Core Services | 2024-11-21 | N/A |
| Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests. | ||||
| CVE-2014-3522 | 4 Apache, Apple, Canonical and 1 more | 4 Subversion, Xcode, Ubuntu Linux and 1 more | 2024-11-21 | N/A |
| The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | ||||
| CVE-2014-3504 | 3 Apache, Canonical, Serf Project | 3 Subversion, Ubuntu Linux, Serf | 2024-11-21 | N/A |
| The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||||
| CVE-2014-3503 | 1 Apache | 1 Syncope | 2024-11-21 | N/A |
| Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack. | ||||
| CVE-2014-3502 | 1 Apache | 1 Cordova | 2024-11-21 | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | ||||
| CVE-2014-3501 | 1 Apache | 1 Cordova | 2024-11-21 | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. | ||||
| CVE-2014-3500 | 1 Apache | 1 Cordova | 2024-11-21 | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | ||||
| CVE-2014-3250 | 3 Apache, Puppet, Redhat | 3 Http Server, Puppet, Linux | 2024-11-21 | N/A |
| The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. | ||||
| CVE-2014-2668 | 1 Apache | 1 Couchdb | 2024-11-21 | N/A |
| Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. | ||||
| CVE-2014-1972 | 1 Apache | 1 Tapestry | 2024-11-21 | N/A |
| Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data. | ||||
| CVE-2014-1884 | 3 Adobe, Apache, Microsoft | 3 Phonegap, Cordova, Windows Phone | 2024-11-21 | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. | ||||
| CVE-2014-1882 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2024-11-21 | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls. | ||||
| CVE-2014-1881 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2024-11-21 | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization. | ||||
| CVE-2014-10022 | 1 Apache | 1 Traffic Server | 2024-11-21 | N/A |
| Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. | ||||
| CVE-2014-0232 | 1 Apache | 1 Ofbiz | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message. | ||||
| CVE-2014-0231 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Jboss Enterprise Application Platform and 2 more | 2024-11-21 | N/A |
| The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. | ||||