| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-3192 | 4.3 |
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) vi
|
11-04-2022 - 17:18 | 12-07-2016 - 19:59 | |
| CVE-2015-5254 | 7.5 |
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
|
17-12-2019 - 17:41 | 08-01-2016 - 19:59 | |
| CVE-2016-3088 | 7.5 |
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
|
27-03-2019 - 20:29 | 01-06-2016 - 20:59 | |
| CVE-2015-7940 | 5.0 |
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "
|
16-01-2019 - 19:29 | 09-11-2015 - 16:59 | |
| CVE-2016-4437 | 6.8 |
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
|
09-10-2018 - 20:00 | 07-06-2016 - 14:06 |