Filtered by vendor Oracle Subscriptions
Filtered by product Communications Offline Mediation Controller Subscriptions
Total 37 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-36179 5 Debian, Fasterxml, Netapp and 2 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-35491 5 Debian, Fasterxml, Netapp and 2 more 28 Debian Linux, Jackson-databind, Service Level Manager and 25 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-35490 5 Debian, Fasterxml, Netapp and 2 more 27 Debian Linux, Jackson-databind, Service Level Manager and 24 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-28196 5 Fedoraproject, Mit, Netapp and 2 more 13 Fedora, Kerberos 5, Active Iq Unified Manager and 10 more 2024-11-21 7.5 High
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
CVE-2020-27783 6 Debian, Fedoraproject, Lxml and 3 more 9 Debian Linux, Fedora, Lxml and 6 more 2024-11-21 6.1 Medium
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
CVE-2020-27218 6 Apache, Debian, Eclipse and 3 more 23 Kafka, Spark, Debian Linux and 20 more 2024-11-21 4.8 Medium
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
CVE-2020-27216 7 Apache, Debian, Eclipse and 4 more 24 Beam, Debian Linux, Jetty and 21 more 2024-11-21 7.0 High
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
CVE-2020-25649 7 Apache, Fasterxml, Fedoraproject and 4 more 50 Iotdb, Jackson-databind, Fedora and 47 more 2024-11-21 7.5 High
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CVE-2020-25648 4 Fedoraproject, Mozilla, Oracle and 1 more 7 Fedora, Network Security Services, Communications Offline Mediation Controller and 4 more 2024-11-21 7.5 High
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
CVE-2020-24750 4 Debian, Fasterxml, Oracle and 1 more 29 Debian Linux, Jackson-databind, Agile Plm and 26 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CVE-2020-24616 4 Debian, Fasterxml, Netapp and 1 more 25 Debian Linux, Jackson-databind, Active Iq Unified Manager and 22 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CVE-2020-12723 6 Fedoraproject, Netapp, Opensuse and 3 more 21 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 18 more 2024-11-21 7.5 High
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-11987 5 Apache, Debian, Fedoraproject and 2 more 23 Batik, Debian Linux, Fedora and 20 more 2024-11-21 8.2 High
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
CVE-2020-10878 6 Fedoraproject, Netapp, Opensuse and 3 more 22 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 19 more 2024-11-21 8.6 High
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
CVE-2020-10543 5 Fedoraproject, Opensuse, Oracle and 2 more 20 Fedora, Leap, Communications Billing And Revenue Management and 17 more 2024-11-21 8.2 High
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE-2019-17566 3 Apache, Oracle, Redhat 21 Batik, Api Gateway, Business Intelligence and 18 more 2024-11-21 7.5 High
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
CVE-2019-10219 3 Netapp, Oracle, Redhat 199 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 196 more 2024-11-21 6.1 Medium
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.