U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
There are 55 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Published: July 21, 2021; 11:15:21 AM -0400
V3.1: 8.3 HIGH
V2.0: 5.1 MEDIUM
CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Published: April 13, 2021; 3:15:12 AM -0400
V3.1: 4.8 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

Published: January 06, 2021; 7:15:15 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

Published: January 06, 2021; 7:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

Published: January 06, 2021; 7:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

Published: January 06, 2021; 7:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

Published: January 06, 2021; 6:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

Published: January 06, 2021; 6:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

Published: December 27, 2020; 12:15:11 AM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

Published: December 17, 2020; 2:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-35490

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

Published: December 17, 2020; 2:15:14 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-24750

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

Published: September 17, 2020; 3:15:13 PM -0400
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-24616

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

Published: August 25, 2020; 2:15:11 PM -0400
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-1285

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

Published: May 11, 2020; 1:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

Published: May 01, 2020; 3:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH