Search Results
- Keyword (text search): Apache
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-5214 | LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file. Published: November 10, 2015; 12:59:04 PM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2015-5213 | Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow. Published: November 10, 2015; 12:59:03 PM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2015-5212 | Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document. Published: November 10, 2015; 12:59:02 PM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2015-4551 | LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer. Published: November 10, 2015; 12:59:00 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2015-4940 | Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file. Published: November 08, 2015; 5:59:11 PM -0500 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2015-4928 | Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields. Published: November 08, 2015; 5:59:10 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2015-5210 | Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter. Published: November 02, 2015; 2:59:04 PM -0500 | V3.x: (not available) V2.0: 5.8 MEDIUM |
CVE-2015-3270 | Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. Published: November 02, 2015; 2:59:02 PM -0500 | V3.x: (not available) V2.0: 6.5 MEDIUM |
CVE-2015-3186 | Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change. Published: November 02, 2015; 2:59:01 PM -0500 | V3.x: (not available) V2.0: 3.5 LOW |
CVE-2015-1775 | Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call. Published: November 02, 2015; 2:59:00 PM -0500 | V3.x: (not available) V2.0: 5.5 MEDIUM |
CVE-2015-5262 | http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. Published: October 27, 2015; 12:59:07 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2015-3269 | Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Published: August 24, 2015; 9:59:00 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-6524 | The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. Published: August 24, 2015; 10:59:13 AM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2014-3612 | The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames. Published: August 24, 2015; 10:59:00 AM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2014-1972 | Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data. Published: August 22, 2015; 7:59:00 PM -0400 | V3.x: (not available) V2.0: 7.8 HIGH |
CVE-2015-1830 | Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors. Published: August 19, 2015; 11:59:00 AM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-5506 | The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content via a search. Published: August 18, 2015; 2:00:11 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-5501 | The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment. Published: August 18, 2015; 2:00:04 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2014-3576 | The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. Published: August 14, 2015; 2:59:00 PM -0400 | V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-3253 | The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. Published: August 13, 2015; 10:59:02 AM -0400 | V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |