Show filters
67 Total Results
Displaying 61-67 of 67
Sort by:
Attacker Value
Unknown

CVE-2019-20330

Disclosure Date: January 03, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
Attacker Value
Unknown

CVE-2019-10219

Disclosure Date: November 08, 2019 (last updated November 08, 2023)
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Attacker Value
Unknown

CVE-2019-12415

Disclosure Date: October 23, 2019 (last updated November 08, 2023)
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
Attacker Value
Unknown

CVE-2019-16942

Disclosure Date: October 01, 2019 (last updated November 08, 2023)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
Attacker Value
Unknown

CVE-2019-14540

Disclosure Date: September 15, 2019 (last updated November 08, 2023)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Attacker Value
Unknown

CVE-2019-0227

Disclosure Date: May 01, 2019 (last updated November 08, 2023)
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
Attacker Value
Unknown

CVE-2018-8032

Disclosure Date: August 02, 2018 (last updated November 08, 2023)
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.