|Max CVSS||7.5||Min CVSS||4.0||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and
|14-06-2021 - 18:15||29-01-2018 - 17:29|
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
|28-01-2021 - 18:11||03-01-2018 - 20:29|
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be
|09-10-2019 - 23:29||10-01-2018 - 15:29|
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
|09-10-2019 - 23:22||27-07-2018 - 15:29|
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.
|26-04-2019 - 13:16||19-02-2018 - 15:29|