Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-24122 |
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances. Published: January 14, 2021; 10:15:13 AM -0500 |
V4.0:(not available) V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-36183 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. Published: January 06, 2021; 7:15:15 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36182 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. Published: January 06, 2021; 7:15:14 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36180 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. Published: January 06, 2021; 7:15:14 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36179 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. Published: January 06, 2021; 7:15:14 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36189 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. Published: January 06, 2021; 6:15:13 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36188 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. Published: January 06, 2021; 6:15:13 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36187 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. Published: January 06, 2021; 6:15:13 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36186 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. Published: January 06, 2021; 6:15:13 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36185 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. Published: January 06, 2021; 6:15:13 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36184 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. Published: January 06, 2021; 6:15:13 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36181 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. Published: January 06, 2021; 6:15:12 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-35728 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). Published: December 27, 2020; 12:15:11 AM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-35491 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. Published: December 17, 2020; 2:15:14 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-35490 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. Published: December 17, 2020; 2:15:14 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-17521 |
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2. Published: December 07, 2020; 3:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2020-25649 |
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. Published: December 03, 2020; 12:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-27193 |
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. Published: November 12, 2020; 4:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-24750 |
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. Published: September 17, 2020; 3:15:13 PM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-24616 |
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). Published: August 25, 2020; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |