Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-10 | CVE-2014-7807 | Improper Authentication vulnerability in Apache Cloudstack Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. | 5.0 |
2014-11-24 | CVE-2010-5312 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. | 6.1 |
2014-11-17 | CVE-2014-3629 | Data Processing Errors vulnerability in Apache Qpid 0.30 XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. | 4.3 |
2014-11-15 | CVE-2014-3502 | Information Exposure vulnerability in Apache Cordova 3.5.0 Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | 4.3 |
2014-11-15 | CVE-2014-3501 | 7PK - Security Features vulnerability in Apache Cordova 3.5.0 Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. | 4.3 |
2014-11-15 | CVE-2014-3500 | Code vulnerability in Apache Cordova Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | 6.4 |
2014-10-06 | CVE-2014-0074 | Improper Authentication vulnerability in Apache Shiro Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password. | 7.5 |
2014-09-12 | CVE-2013-4444 | Code Injection vulnerability in Apache Tomcat Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file. | 6.8 |
2014-09-04 | CVE-2014-3574 | Denial Of Service vulnerability in Apache POI Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack. network apache | 4.3 |
2014-09-04 | CVE-2014-3529 | Remote Security vulnerability in RETIRED: POI The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. network apache | 4.3 |