Max CVSS | 7.5 | Min CVSS | 4.7 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-12022 | 5.1 |
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in
|
13-09-2023 - 14:22 | 21-03-2019 - 16:00 | |
CVE-2018-14642 | 5.0 |
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain
|
08-12-2020 - 15:50 | 18-09-2018 - 13:29 | |
CVE-2018-12023 | 5.1 |
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provid
|
20-10-2020 - 22:15 | 21-03-2019 - 16:00 | |
CVE-2019-3805 | 4.7 |
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss
|
16-10-2020 - 16:04 | 03-05-2019 - 20:29 | |
CVE-2019-3894 | 6.5 |
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could all
|
15-10-2020 - 19:50 | 03-05-2019 - 20:29 | |
CVE-2018-14721 | 7.5 |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
|
31-08-2020 - 14:15 | 02-01-2019 - 18:29 | |
CVE-2018-14720 | 7.5 |
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
|
31-08-2020 - 14:15 | 02-01-2019 - 18:29 | |
CVE-2019-3868 | 5.5 |
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session.
|
10-02-2020 - 21:52 | 24-04-2019 - 16:29 |