| 2018-02-06 | CVE-2017-15095 | Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | 9.8 |
| 2018-02-06 | CVE-2017-7525 | Incomplete Blacklist vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | 9.8 |
| 2017-10-19 | CVE-2017-10285 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). | 9.6 |
| 2017-10-16 | CVE-2016-4461 | Improper Input Validation vulnerability in multiple products
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. | 9.0 |
| 2017-08-08 | CVE-2017-10087 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). | 9.6 |
| 2017-08-08 | CVE-2017-10090 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). | 9.6 |
| 2017-08-08 | CVE-2017-10096 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). | 9.6 |
| 2017-08-08 | CVE-2017-10101 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). | 9.6 |
| 2017-08-08 | CVE-2017-10102 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). | 9.0 |
| 2017-08-08 | CVE-2017-10107 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). | 9.6 |