| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-7525 | 7.5 |
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj
|
08-06-2023 - 17:57 | 06-02-2018 - 15:29 | |
| CVE-2017-15089 | 6.5 |
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the cl
|
04-06-2019 - 17:29 | 15-02-2018 - 17:29 | |
| CVE-2014-9970 | 5.0 |
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
|
14-02-2018 - 02:29 | 21-05-2017 - 18:29 |