| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-12626 | 5.0 |
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and
|
14-06-2021 - 18:15 | 29-01-2018 - 17:29 | |
| CVE-2017-1000487 | 7.5 |
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
|
28-01-2021 - 18:11 | 03-01-2018 - 20:29 | |
| CVE-2017-7559 | 5.8 |
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be
|
09-10-2019 - 23:29 | 10-01-2018 - 15:29 | |
| CVE-2017-12165 | 5.0 |
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
|
09-10-2019 - 23:22 | 27-07-2018 - 15:29 | |
| CVE-2016-8750 | 4.0 |
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.
|
26-04-2019 - 13:16 | 19-02-2018 - 15:29 |