Total
146 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8203 | 2 Lodash, Oracle | 18 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 15 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. | |||||
| CVE-2020-36189 | 4 Debian, Fasterxml, Netapp and 1 more | 40 Debian Linux, Jackson-databind, Cloud Backup and 37 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. | |||||
| CVE-2020-36188 | 4 Debian, Fasterxml, Netapp and 1 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. | |||||
| CVE-2020-36187 | 4 Debian, Fasterxml, Netapp and 1 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. | |||||
| CVE-2020-36186 | 4 Debian, Fasterxml, Netapp and 1 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. | |||||
| CVE-2020-36185 | 4 Debian, Fasterxml, Netapp and 1 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. | |||||
| CVE-2020-36184 | 4 Debian, Fasterxml, Netapp and 1 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. | |||||
| CVE-2020-36183 | 4 Debian, Fasterxml, Netapp and 1 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. | |||||
| CVE-2020-36182 | 4 Debian, Fasterxml, Netapp and 1 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. | |||||
| CVE-2020-36181 | 4 Debian, Fasterxml, Netapp and 1 more | 44 Debian Linux, Jackson-databind, Service Level Manager and 41 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. | |||||
| CVE-2020-36180 | 4 Debian, Fasterxml, Netapp and 1 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. | |||||
| CVE-2020-36179 | 4 Debian, Fasterxml, Netapp and 1 more | 43 Debian Linux, Jackson-databind, Cloud Backup and 40 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. | |||||
| CVE-2020-35728 | 4 Debian, Fasterxml, Netapp and 1 more | 40 Debian Linux, Jackson-databind, Service Level Manager and 37 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). | |||||
| CVE-2020-2733 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-28500 | 3 Lodash, Oracle, Siemens | 19 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 16 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | |||||
| CVE-2020-28052 | 3 Apache, Bouncycastle, Oracle | 20 Karaf, Legion-of-the-bouncy-castle-java-crytography-api, Banking Corporate Lending Process Management and 17 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. | |||||
| CVE-2020-27216 | 6 Apache, Debian, Eclipse and 3 more | 19 Beam, Debian Linux, Jetty and 16 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. | |||||
| CVE-2020-27193 | 2 Ckeditor, Oracle | 9 Ckeditor, Agile Plm, Application Express and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. | |||||
| CVE-2020-25649 | 6 Apache, Fasterxml, Fedoraproject and 3 more | 39 Iotdb, Jackson-databind, Fedora and 36 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. | |||||
| CVE-2020-25648 | 4 Fedoraproject, Mozilla, Oracle and 1 more | 6 Fedora, Network Security Services, Communications Offline Mediation Controller and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. | |||||