| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-4434 | 6.8 |
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF
|
09-10-2018 - 20:00 | 30-09-2017 - 01:29 | |
| CVE-2016-2175 | 7.5 |
Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. <a href="http://cwe.mitre.org/data/definitions/611
|
09-10-2018 - 19:59 | 01-06-2016 - 20:59 | |
| CVE-2016-7033 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
05-01-2018 - 02:31 | 07-09-2016 - 18:59 | |
| CVE-2016-6344 | 5.0 |
Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
|
05-01-2018 - 02:31 | 07-09-2016 - 18:59 |