CVE-2017-15095
- EPSS 9.26%
- Veröffentlicht 06.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:03
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe...
- EPSS 0.1%
- Veröffentlicht 10.01.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:32:06
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privi...
CVE-2017-15100
- EPSS 0.34%
- Veröffentlicht 27.11.2017 14:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on...
CVE-2017-5929
- EPSS 10.14%
- Veröffentlicht 13.03.2017 06:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.