Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-0107 | 7.5 |
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or ac
|
20-10-2021 - 11:15 | 15-04-2014 - 23:13 | |
CVE-2014-0364 | 5.0 |
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.
|
23-02-2021 - 16:13 | 30-04-2014 - 10:49 | |
CVE-2014-0363 | 5.8 |
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and o
|
23-02-2021 - 16:12 | 30-04-2014 - 10:49 |