Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-03-24 | CVE-2015-0250 | XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. | 6.4 |
2015-03-13 | CVE-2015-2091 | Cryptographic Issues vulnerability in Apache Mod-Gnutls: The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate. | 5.0 |
2015-02-12 | CVE-2015-0227 | Permissions, Privileges, and Access Controls vulnerability in Apache Wss4J: Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks." | 5.0 |
2015-02-02 | CVE-2015-0223 | Permissions, Privileges, and Access Controls vulnerability in Apache Qpid: Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling. | 5.0 |
2015-01-15 | CVE-2014-9593 | Information Exposure vulnerability in Apache Cloudstack: Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. | 5.0 |
2015-01-13 | CVE-2014-10022 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Traffic Server: Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. | 5.0 |
2015-01-06 | CVE-2014-9527 | Resource Management Errors vulnerability in multiple products: HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file. | 5.0 |
2014-12-18 | CVE-2014-8108 | Remote Denial of Service vulnerability in Apache Subversion: The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. | 5.0 |
2014-12-18 | CVE-2014-3580 | Remote Denial of Service vulnerability in Apache Subversion: The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. | 5.0 |
2014-12-10 | CVE-2014-7809 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Struts: Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism. | 6.8 |