Max CVSS 7.5 Min CVSS 3.2 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2013-4152 6.8
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF at
11-04-2022 - 17:36 23-01-2014 - 21:55
CVE-2014-0054 6.8
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct
11-04-2022 - 17:36 17-04-2014 - 14:55
CVE-2013-6429 6.8
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CS
11-04-2022 - 17:16 26-01-2014 - 16:58
CVE-2014-0050 7.5
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that b
17-07-2021 - 08:15 01-04-2014 - 06:27
CVE-2014-1904 4.3
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a defau
27-03-2019 - 18:57 20-03-2014 - 16:55
CVE-2013-2192 3.2
The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtai
24-03-2017 - 01:59 24-01-2014 - 18:55
CVE-2013-2035 4.4
Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with
18-01-2015 - 02:59 28-08-2013 - 23:55
Back to Top Mark selected
Back to Top