Filtered by vendor Redhat Subscriptions
Filtered by product Logging Subscriptions
Total 131 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-15586 6 Cloudfoundry, Debian, Fedoraproject and 3 more 15 Cf-deployment, Routing-release, Debian Linux and 12 more 2024-11-21 5.9 Medium
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
CVE-2019-14379 7 Apple, Debian, Fasterxml and 4 more 37 Xcode, Debian Linux, Jackson-databind and 34 more 2024-11-21 9.8 Critical
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CVE-2018-19362 4 Debian, Fasterxml, Oracle and 1 more 22 Debian Linux, Jackson-databind, Business Process Management Suite and 19 more 2024-11-21 N/A
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CVE-2018-19361 4 Debian, Fasterxml, Oracle and 1 more 22 Debian Linux, Jackson-databind, Business Process Management Suite and 19 more 2024-11-21 N/A
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
CVE-2018-19360 4 Debian, Fasterxml, Oracle and 1 more 22 Debian Linux, Jackson-databind, Business Process Management Suite and 19 more 2024-11-21 N/A
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CVE-2018-14721 4 Debian, Fasterxml, Oracle and 1 more 21 Debian Linux, Jackson-databind, Banking Platform and 18 more 2024-11-21 N/A
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVE-2018-14720 4 Debian, Fasterxml, Oracle and 1 more 21 Debian Linux, Jackson-databind, Banking Platform and 18 more 2024-11-21 N/A
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVE-2018-14719 5 Debian, Fasterxml, Netapp and 2 more 31 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 28 more 2024-11-21 9.8 Critical
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14718 5 Debian, Fasterxml, Netapp and 2 more 36 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 33 more 2024-11-21 9.8 Critical
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2024-47875 1 Redhat 5 Enterprise Linux, Logging, Openshift and 2 more 2024-10-15 10 Critical
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
CVE-2024-45801 1 Redhat 6 Acm, Ansible Automation Platform, Cryostat and 3 more 2024-09-20 7.3 High
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.