CVE-2019-10086
- EPSS 28.84%
- Veröffentlicht 20.08.2019 21:15:12
- Zuletzt bearbeitet 21.11.2024 04:18:22
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa...
CVE-2019-14439
- EPSS 10.76%
- Veröffentlicht 30.07.2019 11:15:11
- Zuletzt bearbeitet 21.11.2024 04:26:44
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logbac...
CVE-2019-14379
- EPSS 8.05%
- Veröffentlicht 29.07.2019 12:15:16
- Zuletzt bearbeitet 21.11.2024 04:26:37
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CVE-2019-2564
- EPSS 0.94%
- Veröffentlicht 23.04.2019 19:32:48
- Zuletzt bearbeitet 21.11.2024 04:41:06
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network acces...
CVE-2019-11358
- EPSS 87.22%
- Veröffentlicht 20.04.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:56
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...
CVE-2018-12022
- EPSS 7.29%
- Veröffentlicht 21.03.2019 16:00:12
- Zuletzt bearbeitet 21.11.2024 03:44:25
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in ...
CVE-2018-12023
- EPSS 8.87%
- Veröffentlicht 21.03.2019 16:00:12
- Zuletzt bearbeitet 21.11.2024 03:44:26
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provid...
CVE-2019-1559
- EPSS 17.14%
- Veröffentlicht 27.02.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:36:48
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...
CVE-2018-14718
- EPSS 12.68%
- Veröffentlicht 02.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:39
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-15769
- EPSS 2.65%
- Veröffentlicht 16.11.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:26
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients dur...