Max CVSS | 7.5 | Min CVSS | 6.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-0114 | 7.5 |
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "m
|
13-02-2023 - 00:32 | 30-04-2014 - 10:49 | |
CVE-2013-6429 | 6.8 |
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CS
|
11-04-2022 - 17:16 | 26-01-2014 - 16:58 | |
CVE-2014-0107 | 7.5 |
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or ac
|
20-10-2021 - 11:15 | 15-04-2014 - 23:13 | |
CVE-2014-0050 | 7.5 |
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that b
|
17-07-2021 - 08:15 | 01-04-2014 - 06:27 | |
CVE-2015-3253 | 7.5 |
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
|
24-06-2020 - 05:15 | 13-08-2015 - 14:59 | |
CVE-2016-0763 | 6.5 |
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, wh
|
21-03-2019 - 15:59 | 25-02-2016 - 01:59 | |
CVE-2015-5652 | 7.2 |
Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a
|
28-11-2016 - 19:35 | 06-10-2015 - 01:59 |