CVE-2020-11620
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). Published:
April 07, 2020; 7:15:12 PM -0400
|
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
|
CVE-2020-11619
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). Published:
April 07, 2020; 7:15:12 PM -0400
|
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
|
CVE-2020-11113
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). Published:
March 31, 2020; 1:15:13 AM -0400
|
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
|
CVE-2020-11112
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). Published:
March 31, 2020; 1:15:13 AM -0400
|
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
|
CVE-2020-11111
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). Published:
March 31, 2020; 1:15:13 AM -0400
|
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
|
CVE-2020-10969
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. Published:
March 26, 2020; 9:15:13 AM -0400
|
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
|
CVE-2020-10968
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). Published:
March 26, 2020; 9:15:12 AM -0400
|
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
|
CVE-2020-10673
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). Published:
March 18, 2020; 6:15:12 PM -0400
|
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
|
CVE-2020-10672
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). Published:
March 18, 2020; 6:15:12 PM -0400
|
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
|
CVE-2020-9548
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). Published:
March 01, 2020; 11:15:11 PM -0500
|
V3.1: 9.8 CRITICAL
V2.0: 6.8 MEDIUM
|
CVE-2020-9547
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). Published:
March 01, 2020; 11:15:11 PM -0500
|
V3.1: 9.8 CRITICAL
V2.0: 6.8 MEDIUM
|
CVE-2020-9546
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). Published:
March 01, 2020; 11:15:10 PM -0500
|
V3.1: 9.8 CRITICAL
V2.0: 6.8 MEDIUM
|
CVE-2019-3740
|
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. Published:
September 18, 2019; 7:15:11 PM -0400
|
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
|
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
