Max CVSS 7.5 Min CVSS 7.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2017-7525 7.5
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj
08-06-2023 - 17:57 06-02-2018 - 15:29
CVE-2017-7657 7.5
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow
20-07-2021 - 23:15 26-06-2018 - 16:29
CVE-2014-0112 7.5
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability ex
12-08-2019 - 21:15 29-04-2014 - 10:37
Back to Top Mark selected
Back to Top