Max CVSS 7.5 Min CVSS 3.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-14380 6.0
An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellit
16-06-2021 - 17:40 02-06-2021 - 13:15
CVE-2020-14195 6.8
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
14-06-2021 - 18:15 16-06-2020 - 16:15
CVE-2020-14061 6.8
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, o
14-06-2021 - 18:15 14-06-2020 - 20:15
CVE-2020-14062 6.8
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
14-06-2021 - 18:15 14-06-2020 - 20:15
CVE-2020-10693 5.0
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping
10-06-2021 - 13:47 06-05-2020 - 14:15
CVE-2020-7238 5.0
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869
27-05-2021 - 16:21 27-01-2020 - 17:15
CVE-2020-9547 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
22-02-2021 - 21:50 02-03-2020 - 04:15
CVE-2020-8840 7.5
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
22-02-2021 - 21:45 10-02-2020 - 21:56
CVE-2020-9546 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
22-02-2021 - 21:44 02-03-2020 - 04:15
CVE-2020-9548 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
22-02-2021 - 21:43 02-03-2020 - 04:15
CVE-2020-10969 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
22-02-2021 - 21:36 26-03-2020 - 13:15
CVE-2020-10968 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
22-02-2021 - 21:36 26-03-2020 - 13:15
CVE-2020-11619 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
22-02-2021 - 21:29 07-04-2020 - 23:15
CVE-2020-14334 4.6
A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance.
04-12-2020 - 18:15 31-07-2020 - 13:15
CVE-2020-8161 5.0
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.
05-10-2020 - 23:15 02-07-2020 - 19:15
CVE-2020-8184 5.0
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
05-10-2020 - 23:15 19-06-2020 - 17:15
CVE-2020-5267 3.5
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in
05-10-2020 - 02:15 19-03-2020 - 18:15
CVE-2020-7238 5.0
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869
25-09-2020 - 20:15 27-01-2020 - 17:15
CVE-2020-7663 5.0
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-b
17-09-2020 - 15:15 02-06-2020 - 19:15
CVE-2019-12781 5.0
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django vi
24-08-2020 - 17:37 01-07-2019 - 14:15
CVE-2020-5217 5.0
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be inj
21-05-2020 - 13:51 23-01-2020 - 03:15
CVE-2018-11751 4.8
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.
07-04-2020 - 13:10 16-12-2019 - 22:15
CVE-2020-7942 4.0
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `
02-04-2020 - 19:15 19-02-2020 - 21:15
CVE-2020-7943 5.0
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain
24-03-2020 - 18:15 11-03-2020 - 23:15
CVE-2020-5216 5.0
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injec
18-02-2020 - 14:58 23-01-2020 - 03:15
CVE-2019-16782 4.3
There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id.
18-01-2020 - 23:15 18-12-2019 - 20:15
CVE-2018-3258 6.5
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p
03-10-2019 - 00:03 17-10-2018 - 01:31
Back to Top Mark selected
Back to Top