| Max CVSS | Min CVSS | Total Count |
|---|---|---|
| 7.5 | 4.0 | 5 |

| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| | | It was found that while parsing the SAML messages the StaxParserUtil class of Keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at | 26-07-2018 - 13:29 | 26-07-2018 - 13:29 |
| | | In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allow it to access the private members of the class, are granted to Hibernate Validator, a potential privi | 10-01-2018 - 10:29 | 10-01-2018 - 10:29 |
| | | jasypt before 1.9.2 allows a timing attack against the password hash comparison. | 21-05-2017 - 14:29 | 21-05-2017 - 14:29 |
| | | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 24-04-2017 - 20:32 | 17-04-2017 - 17:59 |
| | | Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. | 14-04-2017 - 21:59 | 06-01-2016 - 14:59 |