Max CVSS 7.5 Min CVSS 4.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-14888 5.0
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
01-04-2022 - 15:45 23-01-2020 - 17:15
CVE-2019-16869 5.0
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
30-03-2022 - 14:21 26-09-2019 - 16:15
CVE-2019-10219 4.3
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
20-02-2022 - 06:22 08-11-2019 - 15:15
CVE-2019-14885 4.0
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw ca
29-10-2021 - 15:16 23-01-2020 - 22:15
CVE-2019-16942 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.
20-07-2021 - 23:15 01-10-2019 - 17:15
CVE-2019-17531 6.8
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext
20-07-2021 - 23:15 12-10-2019 - 21:15
CVE-2019-16943 6.8
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja
20-07-2021 - 23:15 01-10-2019 - 17:15
CVE-2019-14893 7.5
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling m
16-03-2021 - 17:29 02-03-2020 - 21:15
CVE-2019-16335 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
22-02-2021 - 21:42 15-09-2019 - 22:15
CVE-2019-17267 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
22-02-2021 - 21:39 07-10-2019 - 00:15
CVE-2019-14540 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
22-02-2021 - 21:38 15-09-2019 - 22:15
CVE-2019-16869 5.0
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
25-09-2020 - 00:15 26-09-2019 - 16:15
CVE-2019-14892 7.5
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to ex
04-09-2020 - 12:15 02-03-2020 - 17:15
Back to Top Mark selected
Back to Top