Max CVSS | 9.3 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-4000 | 4.3 |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie
|
22-10-2024 - 13:42 | 21-05-2015 - 00:59 | |
CVE-2019-13990 | 7.5 |
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
|
15-10-2024 - 19:35 | 26-07-2019 - 19:15 | |
CVE-2020-2555 | 7.5 |
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows una
|
02-10-2024 - 14:24 | 15-01-2020 - 17:15 | |
CVE-2020-1938 | 7.5 |
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t
|
24-07-2024 - 14:23 | 24-02-2020 - 22:15 | |
CVE-2020-10969 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
|
03-07-2024 - 01:36 | 26-03-2020 - 13:15 | |
CVE-2020-11113 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
|
03-07-2024 - 01:36 | 31-03-2020 - 05:15 | |
CVE-2020-10673 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
|
03-07-2024 - 01:36 | 18-03-2020 - 22:15 | |
CVE-2020-11111 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
|
03-07-2024 - 01:36 | 31-03-2020 - 05:15 | |
CVE-2020-11112 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
|
03-07-2024 - 01:36 | 31-03-2020 - 05:15 | |
CVE-2020-10672 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
|
03-07-2024 - 01:36 | 18-03-2020 - 22:15 | |
CVE-2020-10968 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
|
03-07-2024 - 01:36 | 26-03-2020 - 13:15 | |
CVE-2020-1971 | 4.3 |
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they
|
21-06-2024 - 19:15 | 08-12-2020 - 16:15 | |
CVE-2018-8032 | 4.3 |
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
|
21-06-2024 - 19:15 | 02-08-2018 - 13:29 | |
CVE-2019-0227 | 5.4 |
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to buil
|
21-06-2024 - 19:15 | 01-05-2019 - 21:29 | |
CVE-2021-2103 | 5.8 |
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated att
|
19-04-2024 - 17:30 | 20-01-2021 - 15:15 | |
CVE-2021-2104 | 5.8 |
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated att
|
19-04-2024 - 17:30 | 20-01-2021 - 15:15 | |
CVE-2021-2102 | 5.8 |
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated att
|
19-04-2024 - 17:30 | 20-01-2021 - 15:15 | |
CVE-2019-11358 | 4.3 |
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
|
16-02-2024 - 16:32 | 20-04-2019 - 00:29 | |
CVE-2019-10744 | 6.4 |
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
|
21-01-2024 - 02:45 | 26-07-2019 - 00:15 | |
CVE-2019-17566 | 5.0 |
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make
|
07-01-2024 - 11:15 | 12-11-2020 - 18:15 | |
CVE-2019-3773 | 7.5 |
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
|
27-12-2023 - 15:15 | 18-01-2019 - 22:29 | |
CVE-2020-11080 | 5.0 |
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings e
|
16-10-2023 - 18:15 | 03-06-2020 - 23:15 | |
CVE-2012-2098 | 5.0 |
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with ma
|
14-09-2023 - 00:15 | 29-06-2012 - 19:55 | |
CVE-2020-9548 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
|
13-09-2023 - 14:57 | 02-03-2020 - 04:15 | |
CVE-2020-9547 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
|
13-09-2023 - 14:57 | 02-03-2020 - 04:15 | |
CVE-2020-24616 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
|
13-09-2023 - 14:56 | 25-08-2020 - 18:15 | |
CVE-2020-24750 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
|
13-09-2023 - 14:56 | 17-09-2020 - 19:15 | |
CVE-2020-11023 | 4.3 |
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
|
31-08-2023 - 03:15 | 29-04-2020 - 21:15 | |
CVE-2020-11022 | 4.3 |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
|
31-08-2023 - 03:15 | 29-04-2020 - 22:15 | |
CVE-2019-12402 | 5.0 |
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names insi
|
18-08-2023 - 14:15 | 30-08-2019 - 09:15 | |
CVE-2019-20907 | 5.0 |
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
|
24-05-2023 - 21:15 | 13-07-2020 - 13:15 | |
CVE-2020-14422 | 4.3 |
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary
|
16-05-2023 - 02:15 | 18-06-2020 - 14:15 | |
CVE-2020-17521 | 2.1 |
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operatin
|
14-04-2023 - 18:32 | 07-12-2020 - 20:15 | |
CVE-2020-5421 | 3.6 |
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jses
|
01-03-2023 - 18:56 | 19-09-2020 - 04:15 | |
CVE-2020-8287 | 6.4 |
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This c
|
03-02-2023 - 19:12 | 06-01-2021 - 21:15 | |
CVE-2021-2007 | 4.3 |
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with ne
|
08-12-2022 - 03:04 | 20-01-2021 - 15:15 | |
CVE-2019-0230 | 7.5 |
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
|
02-12-2022 - 19:47 | 14-09-2020 - 17:15 | |
CVE-2020-1968 | 4.3 |
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the atta
|
21-11-2022 - 19:48 | 09-09-2020 - 14:15 | |
CVE-2018-1285 | 7.5 |
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
|
27-10-2022 - 20:05 | 11-05-2020 - 17:15 | |
CVE-2020-25866 | 5.0 |
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasona
|
07-10-2022 - 15:19 | 06-10-2020 - 15:15 | |
CVE-2019-11135 | 2.1 |
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
|
07-10-2022 - 15:03 | 14-11-2019 - 19:15 | |
CVE-2019-17359 | 5.0 |
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
|
07-10-2022 - 14:50 | 08-10-2019 - 14:15 | |
CVE-2019-17563 | 5.1 |
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be p
|
07-10-2022 - 13:39 | 23-12-2019 - 17:15 | |
CVE-2020-24584 | 5.0 |
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
|
07-10-2022 - 13:20 | 01-09-2020 - 13:15 | |
CVE-2020-24583 | 5.0 |
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading file
|
07-10-2022 - 13:14 | 01-09-2020 - 13:15 | |
CVE-2020-9490 | 5.0 |
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via
|
07-10-2022 - 12:58 | 07-08-2020 - 16:15 | |
CVE-2020-11973 | 7.5 |
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
|
05-10-2022 - 20:53 | 14-05-2020 - 17:15 | |
CVE-2019-10173 | 7.5 |
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshall
|
05-10-2022 - 20:38 | 23-07-2019 - 13:15 | |
CVE-2020-9281 | 4.3 |
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
|
12-09-2022 - 13:51 | 07-03-2020 - 01:15 | |
CVE-2020-10725 | 4.0 |
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that
|
02-09-2022 - 15:36 | 20-05-2020 - 14:15 | |
CVE-2020-10723 | 4.6 |
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out
|
02-09-2022 - 15:36 | 19-05-2020 - 19:15 | |
CVE-2020-10722 | 4.6 |
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
|
02-09-2022 - 15:36 | 19-05-2020 - 19:15 | |
CVE-2020-10726 | 2.1 |
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), whi
|
02-09-2022 - 15:34 | 20-05-2020 - 14:15 | |
CVE-2020-13254 | 4.3 |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
|
02-09-2022 - 15:33 | 03-06-2020 - 14:15 | |
CVE-2019-20892 | 4.0 |
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream
|
02-09-2022 - 15:31 | 25-06-2020 - 10:15 | |
CVE-2020-17498 | 4.3 |
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
|
02-09-2022 - 15:31 | 13-08-2020 - 16:15 | |
CVE-2020-13596 | 4.3 |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
|
02-09-2022 - 15:31 | 03-06-2020 - 14:15 | |
CVE-2020-15025 | 4.0 |
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC alg
|
02-09-2022 - 15:31 | 24-06-2020 - 19:15 | |
CVE-2019-17569 | 5.8 |
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of H
|
02-09-2022 - 15:30 | 24-02-2020 - 22:15 | |
CVE-2020-25020 | 7.5 |
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.
|
02-09-2022 - 15:29 | 29-08-2020 - 19:15 | |
CVE-2021-2032 | 4.0 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network ac
|
29-08-2022 - 20:52 | 20-01-2021 - 15:15 | |
CVE-2020-7064 | 5.8 |
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead
|
29-08-2022 - 20:04 | 01-04-2020 - 04:15 | |
CVE-2019-1559 | 4.3 |
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid
|
19-08-2022 - 11:14 | 27-02-2019 - 23:29 | |
CVE-2018-0732 | 5.0 |
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime result
|
16-08-2022 - 13:00 | 12-06-2018 - 13:29 | |
CVE-2019-9511 | 7.8 |
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. T
|
12-08-2022 - 18:43 | 13-08-2019 - 21:15 | |
CVE-2019-9513 | 7.8 |
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the
|
12-08-2022 - 18:41 | 13-08-2019 - 21:15 | |
CVE-2020-10531 | 6.8 |
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
|
12-08-2022 - 18:28 | 12-03-2020 - 19:15 | |
CVE-2020-35460 | 5.0 |
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
|
06-08-2022 - 03:53 | 14-12-2020 - 23:15 | |
CVE-2020-5398 | 7.6 |
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response
|
25-07-2022 - 18:15 | 17-01-2020 - 00:15 | |
CVE-2020-9484 | 4.4 |
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the Persiste
|
25-07-2022 - 18:15 | 20-05-2020 - 19:15 | |
CVE-2019-10086 | 7.5 |
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa
|
25-07-2022 - 18:15 | 20-08-2019 - 21:15 | |
CVE-2020-10683 | 7.5 |
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a
|
25-07-2022 - 18:15 | 01-05-2020 - 19:15 | |
CVE-2016-1000031 | 7.5 |
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
|
25-07-2022 - 18:15 | 25-10-2016 - 14:29 | |
CVE-2015-8965 | 7.5 |
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesControll
|
23-07-2022 - 10:33 | 06-04-2017 - 21:59 | |
CVE-2021-2011 | 7.1 |
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via m
|
18-07-2022 - 18:47 | 20-01-2021 - 15:15 | |
CVE-2021-2022 | 6.3 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with n
|
13-07-2022 - 14:09 | 20-01-2021 - 15:15 | |
CVE-2021-2119 | 2.1 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
30-06-2022 - 19:06 | 20-01-2021 - 15:15 | |
CVE-2018-10237 | 4.3 |
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray
|
29-06-2022 - 19:15 | 26-04-2018 - 21:29 | |
CVE-2019-14862 | 4.3 |
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
|
07-06-2022 - 18:41 | 02-01-2020 - 15:15 | |
CVE-2019-12399 | 5.0 |
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring
|
07-06-2022 - 18:41 | 14-01-2020 - 15:15 | |
CVE-2019-17195 | 6.8 |
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
|
07-06-2022 - 18:40 | 15-10-2019 - 14:15 | |
CVE-2020-17530 | 7.5 |
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
|
03-06-2022 - 16:38 | 11-12-2020 - 02:15 | |
CVE-2020-13871 | 5.0 |
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
|
13-05-2022 - 20:57 | 06-06-2020 - 16:15 | |
CVE-2018-15756 | 5.0 |
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler,
|
13-05-2022 - 20:56 | 18-10-2018 - 22:29 | |
CVE-2020-8172 | 5.8 |
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
|
12-05-2022 - 15:01 | 08-06-2020 - 14:15 | |
CVE-2020-8174 | 9.3 |
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
|
12-05-2022 - 15:01 | 24-07-2020 - 22:15 | |
CVE-2020-15358 | 2.1 |
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
|
12-05-2022 - 15:01 | 27-06-2020 - 12:15 | |
CVE-2020-13935 | 5.0 |
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with inv
|
12-05-2022 - 15:01 | 14-07-2020 - 15:15 | |
CVE-2020-9488 | 4.3 |
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Lo
|
12-05-2022 - 15:00 | 27-04-2020 - 16:15 | |
CVE-2020-12723 | 5.0 |
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
|
12-05-2022 - 15:00 | 05-06-2020 - 15:15 | |
CVE-2020-11971 | 5.0 |
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
|
12-05-2022 - 15:00 | 14-05-2020 - 17:15 | |
CVE-2020-10543 | 6.4 |
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
|
12-05-2022 - 15:00 | 05-06-2020 - 14:15 | |
CVE-2020-10878 | 7.5 |
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
|
12-05-2022 - 15:00 | 05-06-2020 - 14:15 | |
CVE-2020-13954 | 4.3 |
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to
|
12-05-2022 - 14:47 | 12-11-2020 - 13:15 | |
CVE-2020-11979 | 5.0 |
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without
|
12-05-2022 - 14:43 | 01-10-2020 - 20:15 | |
CVE-2020-8277 | 5.0 |
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number
|
10-05-2022 - 15:25 | 19-11-2020 - 01:15 | |
CVE-2020-11612 | 5.0 |
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free m
|
26-04-2022 - 17:05 | 07-04-2020 - 18:15 | |
CVE-2019-10247 | 5.0 |
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 4
|
22-04-2022 - 20:09 | 22-04-2019 - 20:29 | |
CVE-2019-5427 | 5.0 |
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
|
22-04-2022 - 19:28 | 22-04-2019 - 21:29 | |
CVE-2019-1551 | 5.0 |
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this d
|
19-04-2022 - 15:36 | 06-12-2019 - 18:15 | |
CVE-2019-0233 | 5.0 |
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
|
18-04-2022 - 15:23 | 14-09-2020 - 17:15 | |
CVE-2018-1258 | 6.5 |
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted
|
11-04-2022 - 17:18 | 11-05-2018 - 20:29 | |
CVE-2019-12415 | 2.1 |
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E
|
08-04-2022 - 13:30 | 23-10-2019 - 20:15 | |
CVE-2020-11656 | 7.5 |
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
|
08-04-2022 - 10:34 | 09-04-2020 - 03:15 | |
CVE-2020-11655 | 5.0 |
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
|
08-04-2022 - 10:34 | 09-04-2020 - 03:15 | |
CVE-2020-9327 | 5.0 |
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
|
08-04-2022 - 10:33 | 21-02-2020 - 22:15 | |
CVE-2019-17091 | 4.3 |
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
|
06-04-2022 - 18:00 | 02-10-2019 - 14:15 | |
CVE-2020-8265 | 6.8 |
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap
|
06-04-2022 - 16:26 | 06-01-2021 - 21:15 | |
CVE-2017-5645 | 7.5 |
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
|
04-04-2022 - 16:53 | 17-04-2017 - 21:59 | |
CVE-2020-1945 | 3.3 |
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr
|
04-04-2022 - 13:31 | 14-05-2020 - 16:15 | |
CVE-2020-11994 | 5.0 |
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
|
01-04-2022 - 15:33 | 08-07-2020 - 16:15 | |
CVE-2021-2010 | 4.9 |
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with net
|
30-03-2022 - 19:22 | 20-01-2021 - 15:15 | |
CVE-2021-2006 | 6.3 |
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to c
|
30-03-2022 - 19:20 | 20-01-2021 - 15:15 | |
CVE-2021-1998 | 5.5 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
|
30-03-2022 - 19:18 | 20-01-2021 - 15:15 | |
CVE-2020-14756 | 7.5 |
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unaut
|
29-03-2022 - 16:40 | 20-01-2021 - 15:15 | |
CVE-2020-13934 | 5.0 |
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException co
|
01-03-2022 - 21:01 | 14-07-2020 - 15:15 | |
CVE-2020-27216 | 4.4 |
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2, on Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can obser
|
01-03-2022 - 20:35 | 23-10-2020 - 13:15 | |
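Both CVE-2020-1945 (Apache Ant) and CVE-2020-27216 (Eclipse Jetty) above come down to the same thing: work files dropped into the shared system temporary directory, where any local user can read them or pre-create the expected name. The following is an added example, not code from Ant or Jetty, showing the two controls a practitioner wants: create a private scratch directory (unpredictable name, mode 0700) and audit an existing temp root for entries other local users can reach. The `app-` prefix and the directory names in the usage are constructed for the demonstration.

```python
import os
import stat
import tempfile


def private_workdir(parent=None):
    """Create a scratch directory no other local user can read, list or pre-create.

    mkdtemp picks an unpredictable name and creates the directory with mode 0700,
    which is exactly what a shared /tmp (the default java.io.tmpdir) does not give
    a process that writes files there with default permissions.
    """
    return tempfile.mkdtemp(prefix="app-", dir=parent)


def is_private(path):
    """True if path is a directory we own with no group/other permission bits set."""
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.getuid()
            and (st.st_mode & 0o077) == 0)


def audit_tmp(root):
    """Names of entries directly under root that are group- or world-accessible.

    These are the candidates for the information leak the advisories describe:
    anything a co-located user can read, or a symlink they could have planted.
    """
    exposed = []
    for name in os.listdir(root):
        try:
            st = os.lstat(os.path.join(root, name))
        except OSError:          # removed underneath us or unreadable; nothing to report
            continue
        if st.st_mode & 0o077:
            exposed.append(name)
    return sorted(exposed)


if __name__ == "__main__":
    # Constructed layout: one world-readable directory next to one private one.
    parent = tempfile.mkdtemp()
    shared = os.path.join(parent, "shared")
    os.mkdir(shared)
    os.chmod(shared, 0o755)
    private = private_workdir(parent)
    print("private ok:", is_private(private), "shared ok:", is_private(shared))
    print("exposed entries:", audit_tmp(parent))
```

On the Java side the equivalent of `private_workdir` is pointing `java.io.tmpdir` at a per-user directory with the same 0700 permissions before the application starts, so that every library that honours the property inherits the protection.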
CVE-2021-2001 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attack
|
04-01-2022 - 17:45 | 20-01-2021 - 15:15 | |
CVE-2021-2009 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip
|
04-01-2022 - 17:45 | 20-01-2021 - 15:15 | |
CVE-2021-2002 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple p
|
04-01-2022 - 17:45 | 20-01-2021 - 15:15 | |
CVE-2021-2058 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
|
04-01-2022 - 17:28 | 20-01-2021 - 15:15 | |
CVE-2021-2042 | 2.1 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Se
|
04-01-2022 - 17:28 | 20-01-2021 - 15:15 | |
CVE-2021-2056 | 6.3 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protoco
|
04-01-2022 - 17:28 | 20-01-2021 - 15:15 | |
CVE-2021-2055 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
|
04-01-2022 - 17:28 | 20-01-2021 - 15:15 | |
CVE-2021-2046 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi
|
04-01-2022 - 17:28 | 20-01-2021 - 15:15 | |
CVE-2021-2048 | 7.0 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to
|
04-01-2022 - 17:28 | 20-01-2021 - 15:15 | |
CVE-2021-2030 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
|
04-01-2022 - 17:27 | 20-01-2021 - 15:15 | |
CVE-2021-2012 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m
|
04-01-2022 - 17:27 | 20-01-2021 - 15:15 | |
CVE-2021-2038 | 6.3 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via
|
04-01-2022 - 17:27 | 20-01-2021 - 15:15 | |
CVE-2021-2028 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c
|
04-01-2022 - 17:27 | 20-01-2021 - 15:15 | |
CVE-2021-2021 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
|
04-01-2022 - 17:27 | 20-01-2021 - 15:15 | |
CVE-2021-2016 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
|
04-01-2022 - 17:27 | 20-01-2021 - 15:15 | |
CVE-2021-2031 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
|
04-01-2022 - 17:27 | 20-01-2021 - 15:15 | |
CVE-2021-2019 | 4.0 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m
|
04-01-2022 - 17:27 | 20-01-2021 - 15:15 | |
CVE-2021-2036 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
|
04-01-2022 - 17:27 | 20-01-2021 - 15:15 | |
CVE-2021-2020 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple prot
|
04-01-2022 - 17:27 | 20-01-2021 - 15:15 | |
CVE-2021-2014 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 5.7.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip
|
04-01-2022 - 17:27 | 20-01-2021 - 15:15 | |
CVE-2021-2024 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple prot
|
04-01-2022 - 17:27 | 20-01-2021 - 15:15 | |
CVE-2021-2088 | 4.9 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MyS
|
04-01-2022 - 17:09 | 20-01-2021 - 15:15 | |
CVE-2021-2122 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
|
04-01-2022 - 17:09 | 20-01-2021 - 15:15 | |
CVE-2021-2065 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
|
04-01-2022 - 17:08 | 20-01-2021 - 15:15 | |
CVE-2021-2061 | 6.3 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protoco
|
04-01-2022 - 17:08 | 20-01-2021 - 15:15 | |
CVE-2021-2087 | 4.9 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MyS
|
04-01-2022 - 17:08 | 20-01-2021 - 15:15 | |
CVE-2021-2076 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
|
04-01-2022 - 17:08 | 20-01-2021 - 15:15 | |
CVE-2021-2060 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attack
|
04-01-2022 - 17:08 | 20-01-2021 - 15:15 | |
CVE-2021-2081 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi
|
04-01-2022 - 17:08 | 20-01-2021 - 15:15 | |
CVE-2021-2072 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi
|
04-01-2022 - 17:08 | 20-01-2021 - 15:15 | |
CVE-2021-2070 | 6.8 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
|
04-01-2022 - 17:08 | 20-01-2021 - 15:15 | |
CVE-2020-11998 | 7.5 |
A regression was introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https:
|
10-12-2021 - 18:11 | 10-09-2020 - 19:15 | |
CVE-2020-1967 | 5.0 |
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occur
|
10-12-2021 - 17:11 | 21-04-2020 - 14:15 | |
CVE-2019-7164 | 7.5 |
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
|
03-12-2021 - 20:09 | 20-02-2019 - 00:29 | |
CVE-2020-9546 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
|
02-12-2021 - 21:22 | 02-03-2020 - 04:15 | |
CVE-2019-7548 | 6.8 |
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
|
30-11-2021 - 19:52 | 06-02-2019 - 21:29 | |
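CVE-2019-7164 and CVE-2019-7548 above are the same bug class: a caller-controlled string reaching `ORDER BY` or `GROUP BY` as raw SQL. Bind parameters cannot carry identifiers, which is why sort and group columns so often get spliced into the query text. The following is an added example, not SQLAlchemy's code or its fix; it uses only the standard `sqlite3` module with a constructed `users` table to show why an injectable sort clause is a full data-extraction primitive (ORDER BY accepts arbitrary expressions, including subqueries, so row order becomes a one-bit oracle) and the allowlist that closes it at the application layer.

```python
import sqlite3


def make_db():
    """Constructed sample data for the demonstration (not from the advisories)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "s3cr3t"), (2, "bob", "hunter2")])
    return conn


def vulnerable_query(conn, sort):
    """Anti-pattern: the caller's sort expression is spliced straight into the SQL."""
    return conn.execute(f"SELECT id, name FROM users ORDER BY {sort}").fetchall()


def leaks_secret_prefix(conn, prefix):
    """Attacker view: sort ascending if the guess is right, descending if not.

    The query never selects `secret`, yet the row order reveals it one guess at a time.
    """
    payload = ("(CASE WHEN (SELECT secret FROM users WHERE name = 'alice') "
               f"LIKE '{prefix}%' THEN id ELSE -id END)")
    rows = vulnerable_query(conn, payload)
    return rows[0][1] == "alice"      # alice first <=> the prefix guess was correct


ALLOWED_COLUMNS = {"id", "name"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def safe_order_by(sort):
    """Translate 'column [asc|desc]' into an ORDER BY clause built only from
    allowlisted identifiers; anything else is rejected rather than sanitised."""
    parts = sort.strip().split()
    if not 1 <= len(parts) <= 2:
        raise ValueError("sort specification must be 'column [asc|desc]'")
    column = parts[0].lower()
    direction = parts[1].upper() if len(parts) == 2 else "ASC"
    if column not in ALLOWED_COLUMNS or direction not in ALLOWED_DIRECTIONS:
        raise ValueError(f"sort not allowed: {sort!r}")
    return f'"{column}" {direction}'


def safe_query(conn, sort):
    clause = safe_order_by(sort)       # only ever one of a handful of fixed strings
    return conn.execute(f"SELECT id, name FROM users ORDER BY {clause}").fetchall()


def is_rejected(sort):
    try:
        safe_order_by(sort)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("secret starts with 's'?", leaks_secret_prefix(db, "s"))
    print("secret starts with 'x'?", leaks_secret_prefix(db, "x"))
    print("safe:", safe_query(db, "name desc"))
    print("rejected:", is_rejected("(CASE WHEN 1 THEN id END)"))
```

The allowlist is deliberately a mapping from user-facing names to fixed SQL fragments, not a character filter: quoting or escaping the input would still let `(CASE ...)` through, because the problem is not a string literal but an expression position.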
CVE-2020-14062 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
|
17-11-2021 - 20:21 | 14-06-2020 - 20:15 | |
CVE-2020-14195 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
|
17-11-2021 - 20:20 | 16-06-2020 - 16:15 | |
CVE-2020-14060 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
|
17-11-2021 - 20:20 | 14-06-2020 - 21:15 | |
CVE-2020-14061 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, o
|
17-11-2021 - 16:56 | 14-06-2020 - 20:15 | |
CVE-2020-10724 | 2.1 |
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.
|
19-10-2021 - 14:17 | 19-05-2020 - 19:15 | |
CVE-2020-14147 | 4.0 |
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly
|
30-07-2021 - 13:59 | 15-06-2020 - 18:15 | |
CVE-2020-11996 | 5.0 |
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTT
|
21-07-2021 - 11:39 | 26-06-2020 - 17:15 | |
CVE-2020-5407 | 6.5 |
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify
|
14-06-2021 - 18:15 | 13-05-2020 - 17:15 | |
CVE-2020-5408 | 4.0 |
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A
|
14-06-2021 - 18:15 | 14-05-2020 - 18:15 | |
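CVE-2020-5408 above describes a CBC encryptor driven with a fixed all-zero IV. The consequence is that encryption becomes deterministic: equal plaintexts give equal ciphertexts, plaintexts that share a leading block share a leading ciphertext block, and anyone who can get chosen values encrypted through the application can match stored ciphertexts against a wordlist without the key. The following is an added example, not Spring Security's code; it stands a small keyed Feistel network in for the real block cipher (the CBC structure, not the cipher, is what matters here) and shows the null-IV leak beside the per-message random IV that removes it. Key and candidate values are constructed.

```python
import hashlib
import os

BLOCK = 16
NULL_IV = bytes(BLOCK)          # the fixed all-zero IV the advisory describes


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, i, half):
    # Keyed round function for the toy Feistel cipher below. Not a real cipher;
    # it stands in for AES so that the CBC construction is what gets exercised.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def block_encrypt(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(8):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(8)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def _pad(data):                 # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def encrypt_cbc(key, iv, plaintext):
    """CBC: each plaintext block is XORed with the previous ciphertext block (the IV
    for the first) before the block cipher. With a fixed IV the whole thing is a
    deterministic function of (key, plaintext)."""
    out, prev = [], iv
    data = _pad(plaintext)
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def decrypt_cbc(key, iv, ciphertext):
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, block), prev))
        prev = block
    return _unpad(b"".join(out))


def dictionary_attack(encrypt_oracle, target, candidates):
    """Attacker view: the oracle is the application encrypting attacker-chosen values
    (e.g. records the attacker submits). Under deterministic encryption a match of
    ciphertexts is a match of plaintexts; the key is never needed."""
    for word in candidates:
        if encrypt_oracle(word) == target:
            return word
    return None


def encrypt_random_iv(key, plaintext):
    """Fix: fresh random IV per message, stored in front of the ciphertext."""
    iv = os.urandom(BLOCK)
    return iv + encrypt_cbc(key, iv, plaintext)


def decrypt_random_iv(key, blob):
    return decrypt_cbc(key, blob[:BLOCK], blob[BLOCK:])


if __name__ == "__main__":
    key = b"constructed-key!"
    stored = encrypt_cbc(key, NULL_IV, b"hunter2")
    oracle = lambda m: encrypt_cbc(key, NULL_IV, m)
    print("recovered:", dictionary_attack(oracle, stored, [b"password", b"hunter2"]))
    print("random IV repeats?", encrypt_random_iv(key, b"x") == encrypt_random_iv(key, b"x"))
```

The deterministic behaviour is precisely what made the encryptor "queryable" (a database could be searched for an encrypted value by equality), so the random IV is not a drop-in: code that relied on equality lookups needs a separate blind index (for instance an HMAC of the value under its own key) rather than the ciphertext itself.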
CVE-2016-5725 | 4.3 |
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
|
14-06-2021 - 18:15 | 19-01-2017 - 22:59 | |
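CVE-2016-5725 above is a client-side path traversal: during a recursive GET the SFTP server, not the user, names the files, and a `..\` component was not recognised as an escape on Windows because only `/` was treated as a separator. The following is an added example, not JSch's code, showing a containment check that normalises the server-supplied path with the target platform's rules (`ntpath` or `posixpath`, so it can be exercised on any host) and refuses anything that lands outside the download directory; it is shown next to the kind of `/`-only check that the advisory's payload slips past. Directory names are constructed.

```python
import ntpath
import posixpath


def naive_is_safe(remote_path):
    """The kind of check CVE-2016-5725 gets past: only '/' is treated as a
    separator, so '..\\' on Windows never shows up as a '..' component."""
    return ".." not in remote_path.split("/")


def resolve_under(base_dir, remote_path, windows=True):
    """Return the local path a server-supplied relative path would be written to,
    or raise ValueError if the normalised result is not inside base_dir.

    base_dir must be absolute. With windows=True both '/' and '\\' are separators
    and drive letters / UNC prefixes are understood, which is what a Windows
    client needs; with windows=False a backslash is just a filename character.
    """
    p = ntpath if windows else posixpath
    base = p.normpath(base_dir)
    target = p.normpath(p.join(base, remote_path))   # join() also handles absolute input
    try:
        common = p.commonpath([base, target])
    except ValueError:                                # different drive or UNC share
        raise ValueError(f"refusing {remote_path!r}: outside {base_dir!r}") from None
    if p.normcase(common) != p.normcase(base):
        raise ValueError(f"refusing {remote_path!r}: outside {base_dir!r}")
    return target


def is_confined(base_dir, remote_path, windows=True):
    try:
        resolve_under(base_dir, remote_path, windows)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    base = "C:\\downloads"
    for name in ("sub/report.txt", "..\\..\\Windows\\evil.exe", "D:\\evil", "C:\\Windows\\evil.exe"):
        print(f"{name!r}: naive={naive_is_safe(name)} confined={is_confined(base, name)}")
```

Note that the check is done on the normalised string before any file is opened; checking after the fact (for example with the real path of an already-written file) would be too late for the `OVERWRITE` mode the advisory names.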
CVE-2017-12626 | 5.0 |
Apache POI versions prior to release 3.17 are vulnerable to denial of service attacks: 1) infinite loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) out-of-memory exceptions while parsing crafted DOC, PPT and
|
14-06-2021 - 18:15 | 29-01-2018 - 17:29 | |
CVE-2019-10246 | 5.0 |
In Eclipse Jetty versions 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory co
|
14-06-2021 - 18:15 | 22-04-2019 - 20:29 | |
CVE-2020-11984 | 7.5 |
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
|
06-06-2021 - 11:15 | 07-08-2020 - 16:15 | |
CVE-2020-11993 | 4.3 |
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLev
|
06-06-2021 - 11:15 | 07-08-2020 - 16:15 | |
CVE-2020-11985 | 4.3 |
IP address spoofing when proxying using mod_remoteip and mod_rewrite. For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in
|
06-06-2021 - 11:15 | 07-08-2020 - 16:15 | |
CVE-2020-1935 | 5.8 |
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smug
|
04-05-2021 - 19:19 | 24-02-2020 - 22:15 | |
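CVE-2020-1935 above is a request-smuggling precondition rather than an exploit in itself: a header line that is invalid under RFC 7230 (here, a bare CR inside the line) is accepted by one component and read differently by another, so the two disagree on the `Transfer-Encoding`/`Content-Length` framing and therefore on where one request ends and the next begins. The following is an added example, not Tomcat's parser and not a claim about its exact behaviour; it contrasts a permissive line splitter with a strict one over two constructed requests and shows the resulting framing disagreement, which is the check a proxy operator wants to be able to reproduce.

```python
import re

# Constructed requests (not from the advisory). SMUGGLE carries a bare CR inside a
# header line, which RFC 7230 section 3.5 says a recipient must reject or replace.
CLEAN = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
         b"Content-Length: 6\r\n\r\nhello\n")
SMUGGLE = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
           b"Content-Length: 6\r\nTransfer-Encoding: chunked\rX\r\n\r\n"
           b"0\r\n\r\nGET /admin HTTP/1.1\r\n\r\n")

_TOKEN = re.compile(rb"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")   # RFC 7230 tchar


def parse_lenient(raw):
    """Permissive parser: CRLF, bare LF and bare CR all end a header line, and
    lines without a colon are silently skipped. Two hops that do not agree on
    where a line ends will not agree on the headers either."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers = {}
    for line in re.split(rb"\r\n|\r|\n", head)[1:]:      # [1:] drops the request line
        name, colon, value = line.partition(b":")
        if colon:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def parse_strict(raw):
    """Strict parser: CRLF only, no stray CR/LF or control bytes, token field names.
    Rejecting the message outright is the safe response to an invalid header."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block not terminated by CRLF CRLF")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        if b"\r" in line or b"\n" in line:
            raise ValueError(f"bare CR or LF in header line {line!r}")
        name, colon, value = line.partition(b":")
        if not colon or not _TOKEN.match(name):
            raise ValueError(f"malformed header line {line!r}")
        value = value.strip(b" \t")
        if any((c < 0x20 and c != 0x09) or c == 0x7F for c in value):
            raise ValueError(f"control byte in value of {name!r}")
        headers.setdefault(name.lower(), []).append(value)
    return headers


def framing(headers):
    """How a component decides where the body ends (RFC 7230 section 3.3.3):
    a final 'chunked' transfer coding wins over Content-Length."""
    te = b",".join(headers.get(b"transfer-encoding", []))
    if te:
        codings = [c.strip().lower() for c in te.split(b",")]
        if codings and codings[-1] == b"chunked":
            return ("chunked", None)
    cl = headers.get(b"content-length")
    return ("length", int(cl[0])) if cl else ("length", 0)


def is_rejected(raw):
    try:
        parse_strict(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("lenient framing:", framing(parse_lenient(SMUGGLE)))   # chunked: body ends at 0\r\n\r\n
    print("strict rejects :", is_rejected(SMUGGLE))               # True: never reaches framing
```

In the permissive reading the body is the zero-length chunk and `GET /admin` becomes a second request on the same connection; a front-end that instead honoured `Content-Length: 6` would have forwarded the whole thing as one request. Whichever side is lenient, the fix is the same: an invalid line is a reason to close the connection, not something to repair.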
CVE-2021-2047 | 7.5 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated att
|
18-03-2021 - 16:32 | 20-01-2021 - 15:15 | |
CVE-2018-20781 | 2.1 |
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
|
16-03-2021 - 14:02 | 12-02-2019 - 17:29 | |
CVE-2020-11972 | 7.5 |
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
|
15-03-2021 - 22:15 | 14-05-2020 - 17:15 | |
CVE-2019-0188 | 5.0 |
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
|
15-03-2021 - 18:25 | 28-05-2019 - 19:29 | |
CVE-2018-11775 | 5.8 |
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing, which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by def
|
05-03-2021 - 19:15 | 10-09-2018 - 20:29 | |
CVE-2020-14803 | 5.0 |
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocol
|
24-02-2021 - 21:42 | 21-10-2020 - 15:15 | |
CVE-2020-11620 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
|
22-02-2021 - 21:33 | 07-04-2020 - 23:15 | |
CVE-2020-11619 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
|
22-02-2021 - 21:29 | 07-04-2020 - 23:15 | |
CVE-2020-26575 | 5.0 |
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
|
11-02-2021 - 14:48 | 06-10-2020 - 15:15 | |
CVE-2020-25863 | 5.0 |
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.
|
10-02-2021 - 20:22 | 06-10-2020 - 15:15 | |
CVE-2020-25862 | 5.0 |
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.
|
10-02-2021 - 20:20 | 06-10-2020 - 15:15 | |
CVE-2017-5611 | 7.5 |
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post typ
|
30-01-2021 - 02:37 | 30-01-2017 - 04:59 | |
CVE-2018-2587 | 5.8 |
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthentica
|
30-01-2021 - 02:37 | 19-04-2018 - 02:29 | |
CVE-2018-7318 | 7.5 |
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
|
30-01-2021 - 02:37 | 22-02-2018 - 19:29 | |
CVE-2019-3778 | 6.4 |
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malic
|
30-01-2021 - 02:36 | 07-03-2019 - 18:29 | |
CVE-2018-9019 | 7.5 |
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/jour
|
30-01-2021 - 02:36 | 22-05-2018 - 20:29 | |
CVE-2019-11269 | 5.8 |
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicio
|
30-01-2021 - 02:36 | 12-06-2019 - 15:29 | |
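CVE-2019-3778 and CVE-2019-11269 above both leak an authorization code through a manipulated `redirect_uri`: the authorization server accepts a redirect target it should not, and the code is appended to that target. The following is an added example, not Spring Security OAuth's matcher or its fix; it puts a prefix-style matcher next to the exact-match rule the OAuth 2.0 Security BCP calls for and runs a minimal authorization-code happy path through each so the leak is visible in the resulting `Location`. The client registration, hostnames and code value are constructed.

```python
from urllib.parse import urlencode, urlsplit

# Constructed client registration (hypothetical client, not from the advisories).
REGISTERED_REDIRECTS = {"https://app.example.com/callback"}


def prefix_match(redirect_uri, registered=REGISTERED_REDIRECTS):
    """Weak matcher: anything that merely starts with a registered URI passes."""
    return any(redirect_uri.startswith(r) for r in registered)


def _canonical(uri):
    """Normalise only what RFC 3986 makes case-insensitive (scheme, host) plus the
    default port. Path and query must match byte for byte; fragments and userinfo
    are never acceptable in a redirect URI."""
    if "#" in uri:
        return None
    try:
        u = urlsplit(uri)
        port = u.port                      # raises ValueError on a bad port
    except ValueError:
        return None
    if u.scheme.lower() != "https" or not u.hostname or u.username is not None:
        return None
    return (u.hostname.lower(), port or 443, u.path or "/", u.query)


def exact_match(redirect_uri, registered=REGISTERED_REDIRECTS):
    """Strict matcher: the request must name one registered URI exactly."""
    canon = _canonical(redirect_uri)
    return canon is not None and any(canon == _canonical(r) for r in registered)


def authorize(redirect_uri, code, matcher):
    """Authorization endpoint, code grant, after the user consented: returns the
    Location header the server would send, or None if the redirect is refused."""
    if not matcher(redirect_uri):
        return None
    sep = "&" if "?" in redirect_uri else "?"
    return redirect_uri + sep + urlencode({"code": code})


if __name__ == "__main__":
    evil = "https://app.example.com/callback?next=https://evil.example/"
    print("prefix:", authorize(evil, "abc123", prefix_match))   # code rides along to a URL the attacker chose
    print("exact :", authorize(evil, "abc123", exact_match))    # None
```

The `next=` payload is the classic chain: the registered callback itself has an open redirector, so a prefix check forwards the code to a URL that then forwards it to the attacker. Exact matching defeats it because the query string is part of what has to match; it also refuses `../` path tricks and `#` fragments that a browser would normalise or strip after the server has already committed the code to the URL.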
CVE-2021-2125 | 3.6 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
28-01-2021 - 18:37 | 20-01-2021 - 15:15 | |
CVE-2021-2131 | 2.1 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 22:37 | 20-01-2021 - 15:15 | |
CVE-2021-2130 | 4.9 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 22:36 | 20-01-2021 - 15:15 | |
CVE-2021-2129 | 3.6 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 22:36 | 20-01-2021 - 15:15 | |
CVE-2021-2128 | 2.1 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure
|
27-01-2021 - 22:36 | 20-01-2021 - 15:15 | |
CVE-2021-2126 | 2.1 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 22:35 | 20-01-2021 - 15:15 | |
CVE-2021-2109 | 6.5 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high
|
27-01-2021 - 22:33 | 20-01-2021 - 15:15 | |
CVE-2021-2111 | 2.1 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 22:33 | 20-01-2021 - 15:15 | |
CVE-2021-2086 | 4.9 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 22:33 | 20-01-2021 - 15:15 | |
CVE-2021-2112 | 2.1 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 22:32 | 20-01-2021 - 15:15 | |
CVE-2021-2121 | 4.9 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 22:30 | 20-01-2021 - 15:15 | |
CVE-2021-2120 | 2.1 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 22:30 | 20-01-2021 - 15:15 | |
CVE-2021-2074 | 4.6 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 01:40 | 20-01-2021 - 15:15 | |
CVE-2021-2073 | 4.9 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 01:34 | 20-01-2021 - 15:15 | |
CVE-2021-2127 | 4.9 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 01:32 | 20-01-2021 - 15:15 | |
CVE-2021-2124 | 4.9 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
27-01-2021 - 01:19 | 20-01-2021 - 15:15 | |
CVE-2021-2057 | 6.5 |
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 19.0. Easily exploitable vulnerability allows low pri
|
26-01-2021 - 20:04 | 20-01-2021 - 15:15 | |
CVE-2021-2062 | 4.9 |
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Server). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged at
|
26-01-2021 - 19:55 | 20-01-2021 - 15:15 | |
CVE-2021-2059 | 5.0 |
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Web interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network
|
26-01-2021 - 19:36 | 20-01-2021 - 15:15 | |
CVE-2021-2054 | 6.5 |
Vulnerability in the RDBMS Sharding component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Any View, Cr
|
26-01-2021 - 19:28 | 20-01-2021 - 15:15 | |
CVE-2021-2052 | 5.0 |
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated att
|
26-01-2021 - 18:41 | 20-01-2021 - 15:15 | |
CVE-2021-2123 | 2.1 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
|
26-01-2021 - 18:21 | 20-01-2021 - 15:15 | |
CVE-2021-2118 | 5.8 |
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacke
|
26-01-2021 - 18:06 | 20-01-2021 - 15:15 | |
CVE-2021-2117 | 4.9 |
Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account pri
|
26-01-2021 - 17:29 | 20-01-2021 - 15:15 | |
CVE-2021-2116 | 4.9 |
Vulnerability in the Oracle Application Express Opportunity Tracker component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Accoun
|
26-01-2021 - 17:09 | 20-01-2021 - 15:15 | |
CVE-2021-2115 | 4.9 |
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker
|
26-01-2021 - 16:44 | 20-01-2021 - 15:15 | |
CVE-2021-2050 | 6.5 |
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low p
|
26-01-2021 - 16:29 | 20-01-2021 - 15:15 | |
CVE-2021-2051 | 6.5 |
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low p
|
26-01-2021 - 16:21 | 20-01-2021 - 15:15 | |
CVE-2021-2114 | 5.8 |
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Applications Calendar). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthe
|
26-01-2021 - 16:14 | 20-01-2021 - 15:15 | |
CVE-2021-2113 | 4.0 |
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: On Demand Billing). Supported versions that are affected are 2.9.0.0 and 2.9.0.1. Easily exploitable vulnerabi
|
26-01-2021 - 16:00 | 20-01-2021 - 15:15 | |
CVE-2021-2110 | 4.0 |
Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Letters). The supported version that is affected is 8.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTT
|
26-01-2021 - 15:53 | 20-01-2021 - 15:15 | |
CVE-2021-2049 | 6.5 |
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Administration). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privilege
|
26-01-2021 - 15:21 | 20-01-2021 - 15:15 | |
CVE-2021-2099 | 5.8 |
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network a
|
26-01-2021 - 15:17 | 20-01-2021 - 15:15 | |
CVE-2021-2108 | 7.5 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v
|
26-01-2021 - 15:11 | 20-01-2021 - 15:15 | |
CVE-2021-2107 | 5.8 |
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticate
|
26-01-2021 - 15:07 | 20-01-2021 - 15:15 | |
CVE-2021-2106 | 5.8 |
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticate
|
26-01-2021 - 14:45 | 20-01-2021 - 15:15 | |
CVE-2021-2105 | 5.8 |
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticate
|
26-01-2021 - 14:45 | 20-01-2021 - 15:15 | |
CVE-2021-2034 | 5.8 |
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
|
25-01-2021 - 21:50 | 20-01-2021 - 15:15 | |
CVE-2021-2035 | 6.5 |
Vulnerability in the RDBMS Scheduler component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Export Full Database privilege
|
25-01-2021 - 21:47 | 20-01-2021 - 15:15 | |
CVE-2021-2039 | 4.9 |
Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Search). Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HT
|
25-01-2021 - 21:45 | 20-01-2021 - 15:15 | |
CVE-2021-2040 | 5.8 |
Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Case Form, Local Affiliate Form). The supported version that is affected is 8.2.2. Easily exploitable vulnerability allows unauthenticated attacker wi
|
25-01-2021 - 21:39 | 20-01-2021 - 15:15 | |
CVE-2021-2041 | 6.8 |
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthen
|
25-01-2021 - 21:30 | 20-01-2021 - 15:15 | |
CVE-2021-2043 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network acces
|
25-01-2021 - 21:11 | 20-01-2021 - 15:15 | |
CVE-2021-2044 | 4.0 |
Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Financial Sanctions). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access
|
25-01-2021 - 21:08 | 20-01-2021 - 15:15 | |
CVE-2021-2094 | 5.8 |
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attack
|
25-01-2021 - 21:06 | 20-01-2021 - 15:15 | |
CVE-2021-2100 | 6.4 |
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attack
|
25-01-2021 - 21:03 | 20-01-2021 - 15:15 | |
CVE-2021-2101 | 6.4 |
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attack
|
25-01-2021 - 20:58 | 20-01-2021 - 15:15 | |
CVE-2021-2096 | 5.8 |
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network
|
25-01-2021 - 20:57 | 20-01-2021 - 15:15 | |
CVE-2021-2097 | 5.8 |
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network acc
|
25-01-2021 - 20:54 | 20-01-2021 - 15:15 | |
CVE-2021-2045 | 3.5 |
Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with net
|
25-01-2021 - 20:54 | 20-01-2021 - 15:15 | |
CVE-2021-2098 | 5.8 |
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with
|
25-01-2021 - 20:52 | 20-01-2021 - 15:15 | |
CVE-2021-2025 | 5.8 |
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable
|
25-01-2021 - 19:59 | 20-01-2021 - 15:15 | |
CVE-2021-2026 | 5.8 |
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacke
|
25-01-2021 - 19:55 | 20-01-2021 - 15:15 | |
CVE-2021-2027 | 5.8 |
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacke
|
25-01-2021 - 19:51 | 20-01-2021 - 15:15 | |
CVE-2021-2033 | 4.0 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low priv
|
25-01-2021 - 19:47 | 20-01-2021 - 15:15 | |
CVE-2021-2089 | 5.8 |
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Runtime Catalog). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with netwo
|
25-01-2021 - 19:45 | 20-01-2021 - 15:15 | |
CVE-2021-2091 | 5.8 |
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with netw
|
25-01-2021 - 19:44 | 20-01-2021 - 15:15 | |
CVE-2021-2090 | 5.8 |
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with
|
25-01-2021 - 19:44 | 20-01-2021 - 15:15 | |
CVE-2021-2092 | 5.8 |
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker wit
|
25-01-2021 - 19:42 | 20-01-2021 - 15:15 | |
CVE-2021-2093 | 5.8 |
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthen
|
25-01-2021 - 19:42 | 20-01-2021 - 15:15 | |
CVE-2021-2018 | 5.1 |
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compro
|
25-01-2021 - 17:32 | 20-01-2021 - 15:15 | |
CVE-2021-2084 | 5.8 |
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker wit
|
25-01-2021 - 17:29 | 20-01-2021 - 15:15 | |
CVE-2021-2085 | 5.8 |
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker wit
|
25-01-2021 - 17:23 | 20-01-2021 - 15:15 | |
CVE-2021-2023 | 4.3 |
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network a
|
25-01-2021 - 17:06 | 20-01-2021 - 15:15 | |
CVE-2021-2068 | 7.5 |
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with net
|
25-01-2021 - 16:06 | 20-01-2021 - 15:15 | |
CVE-2021-2069 | 7.5 |
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with net
|
25-01-2021 - 16:00 | 20-01-2021 - 15:15 | |
CVE-2021-2071 | 6.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56, 8.57 and 8.58. Difficult to exploit vulnerability allows unauthenticated attacker with net
|
25-01-2021 - 15:56 | 20-01-2021 - 15:15 | |
CVE-2021-2017 | 4.0 |
Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker wit
|
25-01-2021 - 15:54 | 20-01-2021 - 15:15 | |
CVE-2021-2075 | 7.5 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unau
|
25-01-2021 - 15:47 | 20-01-2021 - 15:15 | |
CVE-2021-2077 | 5.8 |
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network
|
25-01-2021 - 15:43 | 20-01-2021 - 15:15 | |
CVE-2021-2078 | 5.8 |
Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to
|
25-01-2021 - 15:37 | 20-01-2021 - 15:15 | |
CVE-2021-2080 | 5.8 |
Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to
|
25-01-2021 - 15:33 | 20-01-2021 - 15:15 | |
CVE-2021-2082 | 5.8 |
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network
|
25-01-2021 - 15:33 | 20-01-2021 - 15:15 | |
CVE-2021-2079 | 5.8 |
Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to
|
25-01-2021 - 15:33 | 20-01-2021 - 15:15 | |
CVE-2021-2083 | 5.8 |
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: User Responsibilities). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker wi
|
25-01-2021 - 15:31 | 20-01-2021 - 15:15 | |
CVE-2021-2015 | 5.8 |
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to c
|
25-01-2021 - 15:23 | 20-01-2021 - 15:15 | |
CVE-2021-2063 | 4.6 |
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with logon to the
|
25-01-2021 - 14:22 | 20-01-2021 - 15:15 | |
CVE-2021-2064 | 7.5 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v
|
25-01-2021 - 14:20 | 20-01-2021 - 15:15 | |
CVE-2021-2066 | 7.5 |
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with net
|
25-01-2021 - 14:18 | 20-01-2021 - 15:15 | |
CVE-2021-2004 | 4.0 |
Vulnerability in the Siebel Core - Server BizLogic Script product of Oracle Siebel CRM (component: Integration - Scripting). Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker wit
|
25-01-2021 - 14:17 | 20-01-2021 - 15:15 | |
CVE-2021-2067 | 7.5 |
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with net
|
25-01-2021 - 14:17 | 20-01-2021 - 15:15 | |
CVE-2021-2029 | 7.5 |
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with netwo
|
23-01-2021 - 00:34 | 20-01-2021 - 15:15 | |
CVE-2021-2013 | 6.5 |
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low pr
|
22-01-2021 - 19:18 | 20-01-2021 - 15:15 | |
CVE-2021-1994 | 7.5 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo
|
22-01-2021 - 18:33 | 20-01-2021 - 15:15 | |
CVE-2021-2005 | 4.3 |
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows un
|
22-01-2021 - 18:33 | 20-01-2021 - 15:15 | |
CVE-2021-2000 | 3.5 |
Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYS Account privilege with netwo
|
22-01-2021 - 18:33 | 20-01-2021 - 15:15 | |
CVE-2021-1997 | 5.5 |
Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Report). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker wit
|
22-01-2021 - 18:33 | 20-01-2021 - 15:15 | |
CVE-2021-1999 | 1.2 |
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastru
|
22-01-2021 - 18:33 | 20-01-2021 - 15:15 | |
CVE-2021-2003 | 4.9 |
Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashboards). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vul
|
22-01-2021 - 18:33 | 20-01-2021 - 15:15 | |
CVE-2021-1996 | 3.5 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with netwo
|
22-01-2021 - 18:33 | 20-01-2021 - 15:15 | |
CVE-2021-1993 | 2.1 |
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network
|
22-01-2021 - 18:33 | 20-01-2021 - 15:15 | |
CVE-2021-1995 | 4.0 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows low privileged attacker with networ
|
22-01-2021 - 18:33 | 20-01-2021 - 15:15 | |
CVE-2021-2043 | None |
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network acces
|
20-01-2021 - 15:15 | 20-01-2021 - 15:15 | |
CVE-2017-8028 | 5.1 |
In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy a
|
20-01-2021 - 15:15 | 27-11-2017 - 10:29 | |
CVE-2020-11979 | 5.0 |
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without
|
01-10-2020 - 20:15 | 01-10-2020 - 20:15 | |
CVE-2020-11023 | 4.3 |
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
|
01-10-2020 - 00:15 | 29-04-2020 - 21:15 | |
CVE-2020-1945 | 3.3 |
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr
|
30-09-2020 - 21:15 | 14-05-2020 - 16:15 | |
CVE-2020-5421 | 6.5 |
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jses
|
30-09-2020 - 16:46 | 19-09-2020 - 04:15 | |
CVE-2020-24750 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
|
30-09-2020 - 13:48 | 17-09-2020 - 19:15 | |
CVE-2020-1968 | 4.3 |
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the atta
|
26-09-2020 - 00:15 | 09-09-2020 - 14:15 | |
CVE-2020-24584 | 5.0 |
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
|
25-09-2020 - 20:15 | 01-09-2020 - 13:15 | |
CVE-2020-24583 | 5.0 |
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading file
|
25-09-2020 - 20:15 | 01-09-2020 - 13:15 | |
CVE-2020-11612 | 7.5 |
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free m
|
25-09-2020 - 20:15 | 07-04-2020 - 18:15 | |
CVE-2020-11022 | 4.3 |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
|
25-09-2020 - 20:15 | 29-04-2020 - 22:15 |