|Max CVSS||7.5||Min CVSS||5.0||Total Count||5|
|ID||CVSS||Summary||Last (major) update||Published|
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via
|30-10-2017 - 10:29||30-10-2017 - 10:29|
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
|21-12-2016 - 21:59||09-03-2015 - 10:59|
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
|05-12-2016 - 21:59||13-08-2015 - 10:59|
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
|02-12-2016 - 22:25||07-04-2016 - 16:59|
JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified v
|28-11-2016 - 15:03||30-06-2016 - 12:59|