Max CVSS | 9.3 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-5002 | 9.3 |
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
|
22-01-2024 - 17:15 | 27-10-2017 - 18:29 | |
CVE-2016-5003 | 7.5 |
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.
|
22-01-2024 - 17:15 | 27-10-2017 - 18:29 | |
CVE-2018-1259 | 5.0 |
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as unde
|
25-07-2022 - 18:15 | 11-05-2018 - 20:29 | |
CVE-2018-1257 | 4.0 |
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A
|
23-06-2022 - 16:31 | 11-05-2018 - 20:29 | |
CVE-2018-1288 | 5.5 |
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data
|
18-04-2022 - 17:31 | 26-07-2018 - 14:29 | |
CVE-2018-8039 | 6.8 |
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to ma
|
16-06-2021 - 12:15 | 02-07-2018 - 13:29 | |
CVE-2018-1336 | 5.0 |
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and
|
15-04-2020 - 21:15 | 02-08-2018 - 14:29 | |
CVE-2018-12537 | 5.0 |
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client req
|
09-10-2019 - 23:34 | 14-08-2018 - 19:29 | |
CVE-2017-12196 | 4.3 |
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the a
|
09-10-2019 - 23:22 | 18-04-2018 - 01:29 | |
CVE-2018-8014 | 7.5 |
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter
|
03-10-2019 - 00:03 | 16-05-2018 - 16:29 | |
CVE-2018-8041 | 5.0 |
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
|
24-05-2019 - 11:29 | 17-09-2018 - 14:29 | |
CVE-2018-8018 | 7.5 |
In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present
|
28-02-2019 - 22:03 | 20-07-2018 - 01:29 |