CVE-2019-2945
- EPSS 0.27%
- Published 16.10.2019 18:15:29
- Last modified 21.11.2024 04:41:50
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauth...
CVE-2019-11068
- EPSS 1.01%
- Published 10.04.2019 20:29:01
- Last modified 21.11.2024 04:20:28
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is su...
CVE-2018-12538
- EPSS 0.43%
- Published 22.06.2018 19:29:00
- Last modified 21.11.2024 03:45:23
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty-provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatche...
CVE-2018-5968
- EPSS 2.12%
- Published 22.01.2018 04:29:00
- Last modified 21.11.2024 04:09:46
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets ...
CVE-2017-17485
- EPSS 79.79%
- Published 10.01.2018 18:29:01
- Last modified 27.08.2025 21:15:33
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to t...