Max CVSS 6.0 Min CVSS 4.3 Total Count5
IDCVSSSummaryLast (major) updatePublished
CVE-2015-0226 5.0
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via
30-10-2017 - 10:29 30-10-2017 - 10:29
CVE-2014-3577 5.8
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName fi
10-01-2017 - 21:59 21-08-2014 - 10:55
CVE-2015-1796 4.3
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an en
29-11-2016 - 21:59 08-07-2015 - 11:59
CVE-2015-0227 5.0
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."
09-07-2015 - 21:59 12-02-2015 - 11:59
CVE-2014-8175 6.0
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
09-07-2015 - 11:44 08-07-2015 - 11:59
Back to Top Mark selected
Back to Top