CVEs (44)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
6Apache DebianFasterxml+3 more18Banking Platform Communications Diameter Signaling RouterCommunications Instant Messaging Server+15 moreNov 21, 2024 Jul 30, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint...Show more |
7Apple DebianFasterxml+4 more24Active Iq Unified Manager Banking PlatformCommunications Diameter Signaling Router+21 moreNov 21, 2024 Jul 29, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code ex...Show more |
5Apache AtlassianNetapp+2 more31Active Iq Unified Manager Apache Batik MapviewerBanking Enterprise Originations+28 moreNov 21, 2024 Jul 26, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. |
5Debian FasterxmlNetapp+2 more25Banking Platform Business Process Management SuiteCommunications Billing And Revenue Management+22 moreNov 21, 2024 Jan 2, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. |