Max CVSS 9.3 Min CVSS 6.8 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-1938 7.5
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t
29-04-2022 - 13:24 24-02-2020 - 22:15
CVE-2019-14379 7.5
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
22-04-2022 - 16:03 29-07-2019 - 12:15
CVE-2018-1270 7.5
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ma
06-04-2022 - 19:37 06-04-2018 - 13:29
CVE-2017-5645 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
04-04-2022 - 16:53 17-04-2017 - 21:59
CVE-2018-1000613 7.5
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT priv
14-01-2022 - 15:20 09-07-2018 - 20:29
CVE-2019-5736 9.3
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types
16-12-2021 - 18:38 11-02-2019 - 19:29
CVE-2020-9548 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
02-12-2021 - 21:23 02-03-2020 - 04:15
CVE-2020-9546 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
02-12-2021 - 21:22 02-03-2020 - 04:15
CVE-2020-9547 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
02-12-2021 - 21:22 02-03-2020 - 04:15
CVE-2019-20330 7.5
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
20-07-2021 - 23:15 03-01-2020 - 04:15
CVE-2019-16942 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.
20-07-2021 - 23:15 01-10-2019 - 17:15
CVE-2019-17531 6.8
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext
20-07-2021 - 23:15 12-10-2019 - 21:15
CVE-2019-16943 6.8
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja
20-07-2021 - 23:15 01-10-2019 - 17:15
CVE-2018-14719 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
21-05-2021 - 15:22 02-01-2019 - 18:29
CVE-2019-14893 7.5
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling m
16-03-2021 - 17:29 02-03-2020 - 21:15
CVE-2020-8840 7.5
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
22-02-2021 - 21:45 10-02-2020 - 21:56
CVE-2019-16335 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
22-02-2021 - 21:42 15-09-2019 - 22:15
CVE-2019-17267 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
22-02-2021 - 21:39 07-10-2019 - 00:15
CVE-2019-14540 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
22-02-2021 - 21:38 15-09-2019 - 22:15
CVE-2020-11620 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
22-02-2021 - 21:33 07-04-2020 - 23:15
CVE-2020-11619 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
22-02-2021 - 21:29 07-04-2020 - 23:15
CVE-2019-14892 7.5
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to ex
04-09-2020 - 12:15 02-03-2020 - 17:15
CVE-2018-19361 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2018-19360 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2019-15752 9.3
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or s
31-08-2020 - 14:15 28-08-2019 - 21:15
CVE-2018-19362 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2018-14721 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2018-14720 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2014-0048 7.5
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
31-08-2020 - 14:15 02-01-2020 - 17:15
Back to Top Mark selected
Back to Top