Filtered by vendor Apache Subscriptions

Search

Switch to Advanced Search (Beta)
Total 2408 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-2245 1 Apache 1 Wink 2024-11-21 N/A
XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document.
CVE-2010-2232 1 Apache 1 Derby 2024-11-21 N/A
In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.
CVE-2009-5004 2 Apache, Redhat 2 Qpid-cpp, Enterprise Mrg 2024-11-21 6.5 Medium
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use .
CVE-2009-4267 1 Apache 1 Juddi 2024-11-21 N/A
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.
CVE-2009-1198 1 Apache 1 Juddi 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp.
CVE-2009-1197 1 Apache 1 Juddi 2024-11-21 N/A
Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.
CVE-2024-42361 1 Apache 1 Hertzbeat 2024-09-03 7.5 High
Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection.
CVE-2024-42362 2 Apache, Dromara 2 Hertzbeat, Hertzbeat 2024-08-28 8.8 High
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.