Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-36183 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. Published: January 06, 2021; 7:15:15 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36182 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. Published: January 06, 2021; 7:15:14 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36180 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. Published: January 06, 2021; 7:15:14 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36179 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. Published: January 06, 2021; 7:15:14 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36188 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. Published: January 06, 2021; 6:15:13 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36187 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. Published: January 06, 2021; 6:15:13 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36186 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. Published: January 06, 2021; 6:15:13 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36185 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. Published: January 06, 2021; 6:15:13 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36184 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. Published: January 06, 2021; 6:15:13 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-36181 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. Published: January 06, 2021; 6:15:12 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-35728 |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). Published: December 27, 2020; 12:15:11 AM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-26217 |
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. Published: November 16, 2020; 4:15:12 PM -0500 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2020-24616 |
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). Published: August 25, 2020; 2:15:11 PM -0400 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-12399 |
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables. Published: January 14, 2020; 10:15:12 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-0228 |
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. Published: April 17, 2019; 11:29:00 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |