Total
83 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7536 | 1 Redhat | 7 Enterprise Linux, Hibernate Validator, Jboss Enterprise Application Platform and 4 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). | |||||
| CVE-2017-7525 | 5 Debian, Fasterxml, Netapp and 2 more | 22 Debian Linux, Jackson-databind, Oncommand Balance and 19 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | |||||
| CVE-2016-2124 | 5 Canonical, Debian, Fedoraproject and 2 more | 24 Ubuntu Linux, Debian Linux, Fedora and 21 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | |||||