| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-12384 | 4.3 |
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be
|
13-09-2023 - 14:16 | 24-06-2019 - 16:15 | |
| CVE-2014-0107 | 7.5 |
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or ac
|
20-10-2021 - 11:15 | 15-04-2014 - 23:13 | |
| CVE-2018-8037 | 4.3 |
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present
|
15-04-2019 - 16:31 | 02-08-2018 - 14:29 |