Lucene search
+L

170 matches found

UbuntuCve
UbuntuCve
added 2019/10/01 5:15 p.m.42 views

CVE-2019-16943

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in the classpath, and an attacker can find an RMI...

9.8CVSS6.9AI score0.04901EPSS
Exploits0References4
Cvelist
Cvelist
added 2019/10/01 4:6 p.m.34 views

CVE-2019-16943

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in the classpath, and an attacker can find an RMI...

9.4AI score0.04901EPSS
Exploits0References26
OSV
OSV
added 2018/12/13 2:29 p.m.6 views

CVE-2018-8033

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...

7.5CVSS5.8AI score0.25743EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/12/13 12:0 a.m.5 views

PT-2018-18396 · Apache · Apache Ofbiz

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions 16.11.01 through 16.11.04 Description: The issue concerns the OFBiz HTTP engine, specifically the handling of requests for HTTP services via the "/webtools/control/httpService" endpoint. Both POST and GET requests to thi...

7.5CVSS7.6AI score0.25743EPSS
Exploits0References5
CNVD
CNVD
added 2018/01/22 12:0 a.m.4 views

Unspecified Vulnerability in Oracle Hospitality Labor Management Component

Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle Corporation. The solution provides human resources cost management, provide customer service throughout the journey tracking management to improve customer...

8.1CVSS6.8AI score0.01168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/08/28 12:0 a.m.4 views

PT-2017-19317 · Osnexus · Quantastor

Name of the Vulnerable Software and Affected Versions: OSNEXUS QuantaStor versions prior to 4.3.1 Description: The issue allows an attacker to inject arbitrary HTML or JavaScript code as a parameter in a REST call, potentially leading to a cross-site scripting XSS attack. When an invalid REST cal...

6.1CVSS5.4AI score0.02559EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 2014/10/01 6:10 p.m.7 views

CXF: HTML content posted to SOAP endpoint could cause OOM errors

A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly...

4.3CVSS7.4AI score0.03644EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/01/10 12:0 a.m.67 views

RHEL 5 : JBoss EAP (RHSA-2013:1784)

An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes two security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. Common...

5.5CVSS7.1AI score0.01809EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2013/02/22 12:0 a.m.53 views

Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..) (Unix)

The version of Sun Java Runtime Environment JRE installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.220 / 1.3.125. Such versions are potentially affected by the following security issues : - A denial of service vulnerability affects the JRE LDAP implementation. 254569. ...

10CVSS7AI score0.12692EPSS
Exploits1References25
RedHat Linux
RedHat Linux
added 2009/03/06 4:58 p.m.3 views

JBoss EAP unprivileged local xml file access

The request handler in JBossWS in JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read...

5CVSS5.9AI score0.01805EPSS
Exploits0References4
Rows per page
Query Builder