Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2020-10673 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
|
03-07-2024 - 01:36 | 18-03-2020 - 22:15 | |
CVE-2020-10672 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
|
03-07-2024 - 01:36 | 18-03-2020 - 22:15 | |
CVE-2019-11358 | 4.3 |
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
|
16-02-2024 - 16:32 | 20-04-2019 - 00:29 | |
CVE-2019-16943 | 6.8 |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja
|
13-09-2023 - 14:55 | 01-10-2019 - 17:15 | |
CVE-2019-16335 | 7.5 |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
|
13-09-2023 - 14:55 | 15-09-2019 - 22:15 | |
CVE-2019-14540 | 7.5 |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
|
13-09-2023 - 14:54 | 15-09-2019 - 22:15 | |
CVE-2019-17531 | 6.8 |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext
|
13-09-2023 - 14:53 | 12-10-2019 - 21:15 | |
CVE-2020-11023 | 4.3 |
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
|
31-08-2023 - 03:15 | 29-04-2020 - 21:15 | |
CVE-2020-11022 | 4.3 |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
|
31-08-2023 - 03:15 | 29-04-2020 - 22:15 | |
CVE-2019-16942 | 7.5 |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.
|
08-06-2023 - 18:00 | 01-10-2019 - 17:15 | |
CVE-2019-10179 | 4.3 |
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could t
|
12-02-2023 - 23:33 | 20-03-2020 - 15:15 | |
CVE-2019-10146 | 2.6 |
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that
|
12-02-2023 - 23:32 | 18-03-2020 - 15:15 | |
CVE-2019-8331 | 4.3 |
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
|
16-05-2022 - 19:52 | 20-02-2019 - 16:29 | |
CVE-2018-14042 | 4.3 |
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
|
22-07-2021 - 18:15 | 13-07-2018 - 14:29 | |
CVE-2018-14040 | 4.3 |
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
|
22-07-2021 - 18:15 | 13-07-2018 - 14:29 | |
CVE-2016-10735 | 4.3 |
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
|
22-07-2021 - 18:15 | 09-01-2019 - 05:29 | |
CVE-2020-1721 | 4.3 |
A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could
|
10-05-2021 - 20:16 | 30-04-2021 - 12:15 | |
CVE-2015-9251 | 4.3 |
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
|
08-01-2021 - 12:15 | 18-01-2018 - 23:29 | |
CVE-2020-11023 | 4.3 |
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
|
01-10-2020 - 00:15 | 29-04-2020 - 21:15 | |
CVE-2020-11022 | 4.3 |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
|
25-09-2020 - 20:15 | 29-04-2020 - 22:15 | |
CVE-2020-15720 | 4.0 |
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tool
|
23-07-2020 - 16:33 | 14-07-2020 - 14:15 | |
CVE-2019-10221 | 4.3 |
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to tr
|
25-03-2020 - 14:09 | 20-03-2020 - 15:15 |