Known Vulnerabilities for products from Pippo
Listed below are 5 of the newest known vulnerabilities associated with the vendor "Pippo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2019-5442 json | XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively an... | 7.5 - HIGH | 2019-06-12 | 2020-10-16 |
| CVE-2018-20059 json | jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | 9.8 - CRITICAL | 2018-12-11 | 2019-01-03 |
| CVE-2018-18628 json | An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.rea... | 9.8 - CRITICAL | 2018-10-23 | 2019-01-28 |
| CVE-2018-18240 json | Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine compone... | 9.8 - CRITICAL | 2018-10-11 | 2020-08-24 |
| CVE-2017-18349 json | parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers ... | 9.8 - CRITICAL | 2018-10-23 | 2019-01-28 |
Known software with vulnerabilities from Pippo
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pippo | Pippo | 0.1.0 |