CVE-2018-14719
- EPSS 2.65%
- Veröffentlicht 02.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:40
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14718
- EPSS 14.75%
- Veröffentlicht 02.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:39
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-7489
- EPSS 36.21%
- Veröffentlicht 26.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:12:13
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously c...
CVE-2017-15095
- EPSS 7.41%
- Veröffentlicht 06.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:03
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe...
CVE-2017-7525
- EPSS 77.34%
- Veröffentlicht 06.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:32:04
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj...
CVE-2016-2381
- EPSS 18.02%
- Veröffentlicht 08.04.2016 15:59:05
- Zuletzt bearbeitet 12.04.2025 10:46:40
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.