|Max CVSS||6.0||Min CVSS||2.1||Total Count||7|
|ID||CVSS||Summary||Last (major) update||Published|
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via
|30-10-2017 - 10:29||30-10-2017 - 10:29|
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
|30-12-2016 - 21:59||21-04-2015 - 13:59|
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitiv
|13-10-2015 - 12:51||21-04-2015 - 13:59|
Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.
|25-08-2015 - 14:05||24-08-2015 - 10:59|
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 do not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows r
|19-08-2015 - 18:54||17-08-2015 - 16:59|
The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion.
|19-08-2015 - 12:59||17-08-2015 - 16:59|
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."
|09-07-2015 - 21:59||12-02-2015 - 11:59|