Max CVSS 9.0 Min CVSS 4.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-0193 9.0
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH adm
24-07-2024 - 17:08 01-08-2019 - 14:15
CVE-2019-11358 4.3
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
16-02-2024 - 16:32 20-04-2019 - 00:29
CVE-2019-16335 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
13-09-2023 - 14:55 15-09-2019 - 22:15
CVE-2019-14439 5.0
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logbac
13-09-2023 - 14:54 30-07-2019 - 11:15
CVE-2019-14540 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
13-09-2023 - 14:54 15-09-2019 - 22:15
CVE-2019-12384 4.3
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be
13-09-2023 - 14:16 24-06-2019 - 16:15
CVE-2019-12086 5.0
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
13-09-2023 - 14:16 17-05-2019 - 17:29
CVE-2019-12814 4.3
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in
13-09-2023 - 14:15 19-06-2019 - 14:15
CVE-2019-10768 5.0
In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
02-12-2022 - 19:31 19-11-2019 - 21:15
CVE-2019-10247 5.0
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 4
22-04-2022 - 20:09 22-04-2019 - 20:29
CVE-2016-5017 6.8
Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.
17-11-2021 - 22:15 21-09-2016 - 14:25
CVE-2018-8012 5.0
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit cha
14-09-2021 - 12:13 21-05-2018 - 19:29
CVE-2017-5637 5.0
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3
20-07-2021 - 23:15 10-10-2017 - 01:30
CVE-2019-10080 4.0
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the v
14-06-2021 - 18:15 19-11-2019 - 22:15
CVE-2019-10246 5.0
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory co
14-06-2021 - 18:15 22-04-2019 - 20:29
CVE-2018-1000873 4.3
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious
19-01-2021 - 15:41 20-12-2018 - 17:29
CVE-2017-3164 5.0
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to
09-12-2020 - 11:15 08-03-2019 - 21:29
CVE-2019-0192 7.5
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trig
09-12-2020 - 11:15 07-03-2019 - 21:29
CVE-2019-12086 5.0
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
01-10-2020 - 00:15 17-05-2019 - 17:29
CVE-2018-19361 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2018-19360 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2018-19362 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2019-12421 6.5
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to
24-01-2020 - 05:15 19-11-2019 - 22:15
CVE-2019-10083 5.0
When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which
24-01-2020 - 05:15 19-11-2019 - 22:15
Back to Top Mark selected
Back to Top