Max CVSS 10.0 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2018-3693 4.7
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
19-11-2021 - 18:15 10-07-2018 - 21:29
CVE-2020-11023 4.3
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
17-11-2021 - 22:17 29-04-2020 - 21:15
CVE-2020-11022 4.3
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
17-11-2021 - 22:17 29-04-2020 - 22:15
CVE-2016-6306 4.3
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
17-11-2021 - 22:15 26-09-2016 - 19:59
CVE-2016-2183 5.0
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth
17-11-2021 - 22:15 01-09-2016 - 00:59
CVE-2020-14062 6.8
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
17-11-2021 - 20:21 14-06-2020 - 20:15
CVE-2020-14195 6.8
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
17-11-2021 - 20:20 16-06-2020 - 16:15
CVE-2020-14060 6.8
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
17-11-2021 - 20:20 14-06-2020 - 21:15
CVE-2020-14061 6.8
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, o
17-11-2021 - 16:56 14-06-2020 - 20:15
CVE-2019-3739 4.3
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA key
08-11-2021 - 15:48 18-09-2019 - 23:15
CVE-2019-3738 4.3
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable share
08-11-2021 - 15:48 18-09-2019 - 23:15
CVE-2019-3740 4.3
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys
08-11-2021 - 15:48 18-09-2019 - 23:15
CVE-2019-5482 7.5
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
03-11-2021 - 19:34 16-09-2019 - 19:15
CVE-2019-5443 4.4
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privile
03-11-2021 - 18:21 02-07-2019 - 19:15
CVE-2019-5427 5.0
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
20-10-2021 - 11:15 22-04-2019 - 21:29
CVE-2020-5397 2.6
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vul
20-10-2021 - 11:15 17-01-2020 - 19:15
CVE-2020-9548 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
20-10-2021 - 11:15 02-03-2020 - 04:15
CVE-2020-5398 7.6
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response
20-10-2021 - 11:15 17-01-2020 - 00:15
CVE-2018-20843 7.8
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
20-10-2021 - 11:15 24-06-2019 - 17:15
CVE-2018-8088 7.5
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
20-10-2021 - 11:15 20-03-2018 - 16:29
CVE-2020-9484 4.4
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the Persiste
20-10-2021 - 11:15 20-05-2020 - 19:15
CVE-2020-9488 4.3
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.
20-10-2021 - 11:15 27-04-2020 - 16:15
CVE-2020-9546 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
20-10-2021 - 11:15 02-03-2020 - 04:15
CVE-2020-9281 4.3
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
20-10-2021 - 11:15 07-03-2020 - 01:15
CVE-2020-9547 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
20-10-2021 - 11:15 02-03-2020 - 04:15
CVE-2017-5645 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
20-10-2021 - 11:15 17-04-2017 - 21:59
CVE-2019-13990 7.5
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
20-10-2021 - 11:15 26-07-2019 - 19:15
CVE-2019-12415 2.1
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E
20-10-2021 - 11:15 23-10-2019 - 20:15
CVE-2020-1967 5.0
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occur
20-10-2021 - 11:15 21-04-2020 - 14:15
CVE-2019-12402 5.0
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names insi
20-10-2021 - 11:15 30-08-2019 - 09:15
CVE-2020-13935 5.0
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with inv
20-10-2021 - 11:15 14-07-2020 - 15:15
CVE-2020-12723 5.0
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
20-10-2021 - 11:15 05-06-2020 - 15:15
CVE-2019-11358 4.3
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
20-10-2021 - 11:15 20-04-2019 - 00:29
CVE-2020-1945 3.3
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr
20-10-2021 - 11:15 14-05-2020 - 16:15
CVE-2020-10969 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
20-10-2021 - 11:15 26-03-2020 - 13:15
CVE-2020-10543 6.4
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
20-10-2021 - 11:15 05-06-2020 - 14:15
CVE-2020-11113 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
20-10-2021 - 11:15 31-03-2020 - 05:15
CVE-2020-10878 7.5
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
20-10-2021 - 11:15 05-06-2020 - 14:15
CVE-2020-10673 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
20-10-2021 - 11:15 18-03-2020 - 22:15
CVE-2020-11111 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
20-10-2021 - 11:15 31-03-2020 - 05:15
CVE-2020-10683 7.5
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a
20-10-2021 - 11:15 01-05-2020 - 19:15
CVE-2020-11112 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
20-10-2021 - 11:15 31-03-2020 - 05:15
CVE-2020-10672 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
20-10-2021 - 11:15 18-03-2020 - 22:15
CVE-2020-10968 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
20-10-2021 - 11:15 26-03-2020 - 13:15
CVE-2016-1000031 7.5
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
20-10-2021 - 11:15 25-10-2016 - 14:29
CVE-2020-10724 2.1
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.
19-10-2021 - 14:17 19-05-2020 - 19:15
CVE-2020-11080 5.0
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings e
17-10-2021 - 08:15 03-06-2020 - 23:15
CVE-2020-8174 9.3
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
07-10-2021 - 17:15 24-07-2020 - 22:15
CVE-2017-7525 7.5
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj
27-09-2021 - 18:15 06-02-2018 - 15:29
CVE-2020-11971 5.0
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
23-09-2021 - 12:21 14-05-2020 - 17:15
CVE-2020-15358 2.1
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
22-09-2021 - 14:22 27-06-2020 - 12:15
CVE-2019-17495 7.5
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. I
21-09-2021 - 15:15 10-10-2019 - 22:15
CVE-2020-3235 6.3
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th
17-09-2021 - 18:49 03-06-2020 - 18:15
CVE-2020-1730 5.0
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup th
14-09-2021 - 13:39 13-04-2020 - 19:15
CVE-2019-12900 7.5
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
14-09-2021 - 12:18 19-06-2019 - 23:15
CVE-2019-12260 7.5
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.
07-09-2021 - 14:41 09-08-2019 - 21:15
CVE-2019-12261 7.5
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.
07-09-2021 - 14:41 09-08-2019 - 21:15
CVE-2016-3189 4.3
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
29-08-2021 - 07:15 30-06-2016 - 17:59
CVE-2019-0201 4.3
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field a
16-08-2021 - 13:15 23-05-2019 - 14:29
CVE-2019-10247 5.0
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 4
05-08-2021 - 12:15 22-04-2019 - 20:29
CVE-2019-10241 4.3
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showi
05-08-2021 - 12:15 22-04-2019 - 20:29
CVE-2019-1563 4.3
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decryp
31-07-2021 - 08:15 10-09-2019 - 17:15
CVE-2019-1547 1.9
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those case
31-07-2021 - 08:15 10-09-2019 - 17:15
CVE-2019-1552 1.9
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --opens
31-07-2021 - 08:15 30-07-2019 - 17:15
CVE-2019-17543 6.8
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a
23-07-2021 - 12:15 14-10-2019 - 02:15
CVE-2020-7067 5.0
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers a
22-07-2021 - 18:15 27-04-2020 - 21:15
CVE-2019-11048 5.0
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit a
22-07-2021 - 18:15 20-05-2020 - 08:15
CVE-2020-11656 7.5
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
22-07-2021 - 18:15 09-04-2020 - 03:15
CVE-2020-11655 5.0
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
22-07-2021 - 18:15 09-04-2020 - 03:15
CVE-2020-9489 4.3
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and
21-07-2021 - 11:39 27-04-2020 - 14:15
CVE-2019-17558 6.0
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined
21-07-2021 - 11:39 30-12-2019 - 17:15
CVE-2020-9410 6.8
The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for Acti
21-07-2021 - 11:39 20-05-2020 - 13:15
CVE-2020-1938 7.5
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t
21-07-2021 - 11:39 24-02-2020 - 22:15
CVE-2020-13934 5.0
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException co
21-07-2021 - 11:39 14-07-2020 - 15:15
CVE-2020-1953 7.5
Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the
21-07-2021 - 11:39 13-03-2020 - 15:15
CVE-2020-1954 2.9
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to
21-07-2021 - 11:39 01-04-2020 - 21:15
CVE-2020-13920 4.3
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something
21-07-2021 - 11:39 10-09-2020 - 19:15
CVE-2020-12243 5.0
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
21-07-2021 - 11:39 28-04-2020 - 19:15
CVE-2019-11835 7.5
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
21-07-2021 - 11:39 09-05-2019 - 05:29
CVE-2019-11834 7.5
cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.
21-07-2021 - 11:39 09-05-2019 - 05:29
CVE-2020-11996 5.0
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTT
21-07-2021 - 11:39 26-06-2020 - 17:15
CVE-2019-1010239 5.0
DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vecto
21-07-2021 - 11:39 19-07-2019 - 17:15
CVE-2019-20330 7.5
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
20-07-2021 - 23:15 03-01-2020 - 04:15
CVE-2019-2897 5.5
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low p
20-07-2021 - 23:15 16-10-2019 - 18:15
CVE-2017-7658 7.5
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a
20-07-2021 - 23:15 26-06-2018 - 17:29
CVE-2019-16942 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.
20-07-2021 - 23:15 01-10-2019 - 17:15
CVE-2020-8172 5.8
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
20-07-2021 - 23:15 08-06-2020 - 14:15
CVE-2019-17531 6.8
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext
20-07-2021 - 23:15 12-10-2019 - 21:15
CVE-2019-16943 6.8
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja
20-07-2021 - 23:15 01-10-2019 - 17:15
CVE-2017-9735 5.0
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
20-07-2021 - 23:15 16-06-2017 - 21:29
CVE-2017-7657 7.5
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow
20-07-2021 - 23:15 26-06-2018 - 16:29
CVE-2017-7656 5.0
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declare
20-07-2021 - 23:15 26-06-2018 - 15:29
CVE-2020-2555 7.5
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows una
20-07-2021 - 23:15 15-01-2020 - 17:15
CVE-2020-15389 5.8
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to c
20-07-2021 - 23:15 29-06-2020 - 21:15
CVE-2020-1941 4.3
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
20-07-2021 - 23:15 14-05-2020 - 17:15
CVE-2020-11973 7.5
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
20-07-2021 - 23:15 14-05-2020 - 17:15
CVE-2019-10173 7.5
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshall
20-07-2021 - 23:15 23-07-2019 - 13:15
CVE-2019-10097 6.0
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulner
07-07-2021 - 19:01 26-09-2019 - 16:15
CVE-2018-17196 6.5
In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploi
03-07-2021 - 21:15 11-07-2019 - 21:15
CVE-2020-14871 10.0
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via m
22-06-2021 - 21:15 21-10-2020 - 15:15
CVE-2020-13631 2.1
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
18-06-2021 - 15:15 27-05-2020 - 15:15
CVE-2019-12419 7.5
Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is
17-06-2021 - 17:28 06-11-2019 - 21:15
CVE-2019-12423 4.3
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from
17-06-2021 - 17:24 16-01-2020 - 18:15
CVE-2019-15903 5.0
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-r
15-06-2021 - 23:15 04-09-2019 - 06:15
CVE-2020-5407 6.5
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify
14-06-2021 - 18:15 13-05-2020 - 17:15
CVE-2019-17632 4.3
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in err
14-06-2021 - 18:15 25-11-2019 - 22:15
CVE-2020-5408 4.0
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A
14-06-2021 - 18:15 14-05-2020 - 18:15
CVE-2020-9327 5.0
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
14-06-2021 - 18:15 21-02-2020 - 22:15
CVE-2016-5725 4.3
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
14-06-2021 - 18:15 19-01-2017 - 22:59
CVE-2019-14379 7.5
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
14-06-2021 - 18:15 29-07-2019 - 12:15
CVE-2017-12626 5.0
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and
14-06-2021 - 18:15 29-01-2018 - 17:29
CVE-2018-1000180 5.0
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. T
14-06-2021 - 18:15 05-06-2018 - 13:29
CVE-2018-1000613 7.5
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT priv
14-06-2021 - 18:15 09-07-2018 - 20:29
CVE-2019-10246 5.0
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory co
14-06-2021 - 18:15 22-04-2019 - 20:29
CVE-2019-10072 5.0
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) cl
14-06-2021 - 18:15 21-06-2019 - 18:15
CVE-2019-17638 7.5
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to
14-06-2021 - 18:15 09-07-2020 - 18:15
CVE-2019-12086 5.0
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
14-06-2021 - 18:15 17-05-2019 - 17:29
CVE-2020-9490 5.0
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via
06-06-2021 - 11:15 07-08-2020 - 16:15
CVE-2020-11984 7.5
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
06-06-2021 - 11:15 07-08-2020 - 16:15
CVE-2020-11993 4.3
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLev
06-06-2021 - 11:15 07-08-2020 - 16:15
CVE-2020-14812 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker
02-06-2021 - 13:26 21-10-2020 - 15:15
CVE-2020-14814 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
02-06-2021 - 13:26 21-10-2020 - 15:15
CVE-2020-14785 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
02-06-2021 - 13:25 21-10-2020 - 15:15
CVE-2020-14868 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14837 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14828 6.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14852 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple prot
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14869 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14891 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14793 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attack
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14769 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacke
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14845 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14839 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14829 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14789 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14765 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14888 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14853 4.9
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mul
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14893 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14821 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14773 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14672 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14848 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14791 3.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14786 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14776 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mu
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14771 3.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker wit
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14873 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14867 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker w
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14861 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14878 7.7
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14870 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple prot
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14866 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14844 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14860 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14838 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mu
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14846 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple prot
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14827 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with n
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14836 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple prot
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14830 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple prot
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14809 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14800 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mu
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14804 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14794 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14799 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14790 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access vi
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14777 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14775 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mul
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2020-14760 7.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-05-2021 - 12:15 21-10-2020 - 15:15
CVE-2018-14718 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
21-05-2021 - 15:30 02-01-2019 - 18:29
CVE-2019-2904 7.5
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacke
18-05-2021 - 12:58 16-10-2019 - 18:15
CVE-2018-12536 5.0
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the
14-05-2021 - 16:15 27-06-2018 - 17:29
CVE-2020-1935 5.8
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smug
04-05-2021 - 19:19 24-02-2020 - 22:15
CVE-2018-5382 7.5
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies t
21-04-2021 - 17:45 16-04-2018 - 14:29
CVE-2018-7489 7.5
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously c
25-03-2021 - 01:15 26-02-2018 - 15:29
CVE-2019-14893 7.5
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling m
16-03-2021 - 17:29 02-03-2020 - 21:15
CVE-2019-10744 6.4
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
16-03-2021 - 13:57 26-07-2019 - 00:15
CVE-2020-11972 7.5
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
15-03-2021 - 22:15 14-05-2020 - 17:15
CVE-2020-14779 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows una
08-03-2021 - 13:44 21-10-2020 - 15:15
CVE-2020-14803 5.0
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocol
24-02-2021 - 21:42 21-10-2020 - 15:15
CVE-2020-14797 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthe
24-02-2021 - 21:24 21-10-2020 - 15:15
CVE-2020-14792 5.8
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthent
24-02-2021 - 21:23 21-10-2020 - 15:15
CVE-2020-14781 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthentica
24-02-2021 - 21:13 21-10-2020 - 15:15
CVE-2020-14782 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthe
24-02-2021 - 21:13 21-10-2020 - 15:15
CVE-2020-14798 2.6
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthe
24-02-2021 - 21:11 21-10-2020 - 15:15
CVE-2020-14796 2.6
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthe
24-02-2021 - 20:56 21-10-2020 - 15:15
CVE-2018-11307 7.5
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
22-02-2021 - 21:47 09-07-2019 - 16:15
CVE-2020-8840 7.5
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
22-02-2021 - 21:45 10-02-2020 - 21:56
CVE-2019-16335 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
22-02-2021 - 21:42 15-09-2019 - 22:15
CVE-2017-15095 7.5
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe
22-02-2021 - 21:41 06-02-2018 - 15:29
CVE-2019-17267 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
22-02-2021 - 21:39 07-10-2019 - 00:15
CVE-2019-14540 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
22-02-2021 - 21:38 15-09-2019 - 22:15
CVE-2020-11620 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
22-02-2021 - 21:33 07-04-2020 - 23:15
CVE-2020-11619 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
22-02-2021 - 21:29 07-04-2020 - 23:15
CVE-2020-14889 4.9
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
22-02-2021 - 20:12 21-10-2020 - 15:15
CVE-2020-14886 4.9
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
22-02-2021 - 20:12 21-10-2020 - 15:15
CVE-2020-14885 4.9
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
22-02-2021 - 20:11 21-10-2020 - 15:15
CVE-2020-14882 10.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unau
22-02-2021 - 20:11 21-10-2020 - 15:15
CVE-2020-14892 4.9
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure
22-02-2021 - 20:10 21-10-2020 - 15:15
CVE-2020-14881 4.9
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
22-02-2021 - 19:40 21-10-2020 - 15:15
CVE-2020-14872 7.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
22-02-2021 - 19:39 21-10-2020 - 15:15
CVE-2020-14884 4.9
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
22-02-2021 - 18:15 21-10-2020 - 15:15
CVE-2019-9513 7.8
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the
30-01-2021 - 02:36 13-08-2019 - 21:15
CVE-2019-9511 7.8
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. T
30-01-2021 - 02:36 13-08-2019 - 21:15
CVE-2018-5968 6.8
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets
21-01-2021 - 16:22 22-01-2018 - 04:29
CVE-2019-17091 4.3
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
20-01-2021 - 15:15 02-10-2019 - 14:15
CVE-2019-17359 5.0
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
20-01-2021 - 15:15 08-10-2019 - 14:15
CVE-2019-17569 5.8
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of H
20-01-2021 - 15:15 24-02-2020 - 22:15
CVE-2020-10723 4.6
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out
20-01-2021 - 15:15 19-05-2020 - 19:15
CVE-2020-10722 4.6
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
20-01-2021 - 15:15 19-05-2020 - 19:15
CVE-2017-17485 7.5
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to t
19-01-2021 - 15:51 10-01-2018 - 18:29
CVE-2018-1000873 4.3
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious
19-01-2021 - 15:41 20-12-2018 - 17:29
CVE-2015-9251 4.3
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
08-01-2021 - 12:15 18-01-2018 - 23:29
CVE-2020-13630 4.4
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
15-12-2020 - 20:15 27-05-2020 - 15:15
CVE-2017-3164 5.0
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to
09-12-2020 - 11:15 08-03-2019 - 21:29
CVE-2019-0192 7.5
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trig
09-12-2020 - 11:15 07-03-2019 - 21:29
CVE-2020-14883 9.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high
19-11-2020 - 18:15 21-10-2020 - 15:15
CVE-2019-18348 4.3
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (sp
16-11-2020 - 20:46 23-10-2019 - 17:15
CVE-2020-14841 7.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthe
10-11-2020 - 19:32 21-10-2020 - 15:15
CVE-2018-2765 5.0
Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows una
02-11-2020 - 16:15 19-04-2018 - 02:29
CVE-2020-14864 7.8
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows
28-10-2020 - 19:15 21-10-2020 - 15:15
CVE-2020-14768 4.0
Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: Smart View Provider). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows low privileged attacker with access to
27-10-2020 - 14:58 21-10-2020 - 15:15
CVE-2020-14787 4.9
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged
27-10-2020 - 14:58 21-10-2020 - 15:15
CVE-2020-14807 5.8
Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows unauthenticated attacker with ne
27-10-2020 - 14:15 21-10-2020 - 15:15
CVE-2020-14810 5.8
Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows unauthenticated attacker with ne
27-10-2020 - 14:15 21-10-2020 - 15:15
CVE-2020-14850 7.8
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker w
27-10-2020 - 12:54 21-10-2020 - 15:15
CVE-2020-14847 4.0
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access
27-10-2020 - 12:54 21-10-2020 - 15:15
CVE-2020-14851 7.8
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attack
27-10-2020 - 12:53 21-10-2020 - 15:15
CVE-2020-14854 7.9
Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network ac
27-10-2020 - 12:52 21-10-2020 - 15:15
CVE-2020-14784 5.8
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker
26-10-2020 - 19:48 21-10-2020 - 15:15
CVE-2020-14783 5.0
Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Food and Beverage Applications (component: CAL). The supported version that is affected is 5.7. Easily exploitable vulnerability allows unauthenticated attacker with network access vi
26-10-2020 - 19:46 21-10-2020 - 15:15
CVE-2020-14780 5.8
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticat
26-10-2020 - 19:45 21-10-2020 - 15:15
CVE-2020-14778 6.5
Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access
26-10-2020 - 19:31 21-10-2020 - 15:15
CVE-2020-14840 4.3
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker
26-10-2020 - 16:28 21-10-2020 - 15:15
CVE-2020-14788 5.8
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated
26-10-2020 - 16:28 21-10-2020 - 15:15
CVE-2020-14831 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated att
26-10-2020 - 16:25 21-10-2020 - 15:15
CVE-2020-14842 5.8
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticat
26-10-2020 - 16:20 21-10-2020 - 15:15
CVE-2020-14843 6.8
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability a
26-10-2020 - 16:06 21-10-2020 - 15:15
CVE-2020-14772 2.1
Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via
26-10-2020 - 15:05 21-10-2020 - 15:15
CVE-2020-14770 2.1
Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple
26-10-2020 - 15:04 21-10-2020 - 15:15
CVE-2020-14774 5.0
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated a
26-10-2020 - 14:57 21-10-2020 - 15:15
CVE-2020-14877 7.5
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker
26-10-2020 - 14:27 21-10-2020 - 15:15
CVE-2020-14876 8.5
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attack
26-10-2020 - 14:27 21-10-2020 - 15:15
CVE-2020-14880 7.5
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileg
26-10-2020 - 14:27 21-10-2020 - 15:15
CVE-2020-14879 7.5
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileg
23-10-2020 - 21:02 21-10-2020 - 15:15
CVE-2020-14875 9.4
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated att
23-10-2020 - 20:53 21-10-2020 - 15:15
CVE-2020-14795 4.3
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with networ
23-10-2020 - 18:33 21-10-2020 - 15:15
CVE-2020-14824 7.8
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerabilit
23-10-2020 - 18:32 21-10-2020 - 15:15
CVE-2020-14825 7.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with n
23-10-2020 - 18:32 21-10-2020 - 15:15
CVE-2020-14826 5.0
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: SQL Extensions). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker wi
23-10-2020 - 18:30 21-10-2020 - 15:15
CVE-2020-14731 3.5
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 18.0 and 19.0. Difficult to exploit vulnerability allows low privi
23-10-2020 - 18:29 21-10-2020 - 15:15
CVE-2020-14901 6.8
Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net t
23-10-2020 - 18:22 21-10-2020 - 15:15
CVE-2020-14899 4.9
Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account priv
23-10-2020 - 18:22 21-10-2020 - 15:15
CVE-2018-12545 5.0
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to th
23-10-2020 - 18:18 27-03-2019 - 20:29
CVE-2020-14815 5.8
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability a
23-10-2020 - 18:12 21-10-2020 - 15:15
CVE-2020-14817 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated att
23-10-2020 - 17:45 21-10-2020 - 15:15
CVE-2020-14740 1.9
Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User
23-10-2020 - 17:41 21-10-2020 - 15:15
CVE-2020-14818 2.1
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Solar
23-10-2020 - 17:40 21-10-2020 - 15:15
CVE-2020-14820 5.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthe
23-10-2020 - 17:37 21-10-2020 - 15:15
CVE-2020-14819 5.8
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access vi
23-10-2020 - 17:33 21-10-2020 - 15:15
CVE-2020-14736 6.5
Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Public Synonym privilege
23-10-2020 - 17:32 21-10-2020 - 15:15
CVE-2020-14823 5.5
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3 - 12.2.10. Easily exploitable vulnerability allows high privileged attacker with network
23-10-2020 - 17:31 21-10-2020 - 15:15
CVE-2020-14813 5.8
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Grids). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network ac
23-10-2020 - 16:55 21-10-2020 - 15:15
CVE-2020-14808 5.8
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with n
23-10-2020 - 16:48 21-10-2020 - 15:15
CVE-2020-14742 5.5
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYSDBA level account priv
23-10-2020 - 16:47 21-10-2020 - 15:15
CVE-2020-14741 6.8
Vulnerability in the Database Filesystem component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Resource, Create Table, Cr
23-10-2020 - 16:47 21-10-2020 - 15:15
CVE-2020-14811 5.0
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: AMP EBS Integration). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attack
23-10-2020 - 16:42 21-10-2020 - 15:15
CVE-2020-14833 5.8
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attack
23-10-2020 - 16:39 21-10-2020 - 15:15
CVE-2020-14763 4.9
Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privile
23-10-2020 - 16:39 21-10-2020 - 15:15
CVE-2020-14834 5.8
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attack
23-10-2020 - 16:38 21-10-2020 - 15:15
CVE-2020-14835 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network ac
23-10-2020 - 16:36 21-10-2020 - 15:15
CVE-2020-14855 10.0
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with net
23-10-2020 - 16:27 21-10-2020 - 15:15
CVE-2020-14856 7.8
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attack
23-10-2020 - 16:27 21-10-2020 - 15:15
CVE-2020-14857 5.8
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attack
23-10-2020 - 16:18 21-10-2020 - 15:15
CVE-2020-14858 8.5
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker
23-10-2020 - 16:16 21-10-2020 - 15:15
CVE-2020-14859 10.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthe
23-10-2020 - 16:10 21-10-2020 - 15:15
CVE-2020-14862 9.0
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3 - 12.2.9. Easily exploitable vulnerability allows low privileged attacker with netwo
23-10-2020 - 16:09 21-10-2020 - 15:15
CVE-2020-14863 7.8
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network a
23-10-2020 - 15:33 21-10-2020 - 15:15
CVE-2020-14865 8.5
Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection product of Oracle PeopleSoft (component: eSupplier Connection). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with ne
23-10-2020 - 15:12 21-10-2020 - 15:15
CVE-2020-14764 2.1
Vulnerability in the Hyperion Planning product of Oracle Hyperion (component: Application Development Framework). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network acce
23-10-2020 - 14:59 21-10-2020 - 15:15
CVE-2020-14767 2.1
Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple
23-10-2020 - 14:58 21-10-2020 - 15:15
CVE-2020-14816 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated att
23-10-2020 - 14:49 21-10-2020 - 15:15
CVE-2020-14849 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated att
23-10-2020 - 14:16 21-10-2020 - 15:15
CVE-2020-14762 4.9
Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network a
23-10-2020 - 13:54 21-10-2020 - 15:15
CVE-2020-14805 6.4
Vulnerability in the Oracle E-Business Suite Secure Enterprise Search product of Oracle E-Business Suite (component: Search Integration Engine). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability al
23-10-2020 - 13:38 21-10-2020 - 15:15
CVE-2020-14801 4.3
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with
23-10-2020 - 13:27 21-10-2020 - 15:15
CVE-2020-14802 4.3
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with
23-10-2020 - 13:27 21-10-2020 - 15:15
CVE-2020-14761 6.4
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.7. Easily exploitable vulnerability allows unauthenticat
23-10-2020 - 13:27 21-10-2020 - 15:15
CVE-2020-4051 3.5
In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and le
23-10-2020 - 09:15 15-06-2020 - 22:15
CVE-2020-14732 3.5
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows low privileged
22-10-2020 - 20:03 21-10-2020 - 15:15
CVE-2020-14822 4.3
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with netw
22-10-2020 - 20:02 21-10-2020 - 15:15
CVE-2020-14735 7.2
Vulnerability in the Scheduler component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with
22-10-2020 - 19:58 21-10-2020 - 15:15
CVE-2020-14734 6.8
Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracl
22-10-2020 - 19:55 21-10-2020 - 15:15
CVE-2020-14832 5.8
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with n
22-10-2020 - 19:43 21-10-2020 - 15:15
CVE-2020-14887 6.8
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privi
22-10-2020 - 19:35 21-10-2020 - 15:15
CVE-2020-14897 7.1
Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated
22-10-2020 - 16:20 21-10-2020 - 15:15
CVE-2020-14759 3.3
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris e
22-10-2020 - 16:00 21-10-2020 - 15:15
CVE-2020-14890 7.1
Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated
22-10-2020 - 15:59 21-10-2020 - 15:15
CVE-2020-14758 3.6
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris exe
22-10-2020 - 15:57 21-10-2020 - 15:15
CVE-2020-14898 4.9
Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account priv
22-10-2020 - 15:42 21-10-2020 - 15:15
CVE-2020-14895 5.5
Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). Supported versions that are affected are 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 - 4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily exploi
22-10-2020 - 15:42 21-10-2020 - 15:15
CVE-2020-14757 6.8
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). The supported version that is affected is 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access vi
22-10-2020 - 15:31 21-10-2020 - 15:15
CVE-2020-14900 4.9
Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account pri
22-10-2020 - 15:27 21-10-2020 - 15:15
CVE-2020-14754 4.9
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris
22-10-2020 - 15:18 21-10-2020 - 15:15
CVE-2020-14896 6.8
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network acc
22-10-2020 - 15:13 21-10-2020 - 15:15
CVE-2020-14753 1.9
Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attack
22-10-2020 - 15:12 21-10-2020 - 15:15
CVE-2020-14752 4.9
Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via
22-10-2020 - 15:10 21-10-2020 - 15:15
CVE-2020-14894 6.8
Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attac
22-10-2020 - 15:10 21-10-2020 - 15:15
CVE-2020-14806 5.0
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access
22-10-2020 - 15:09 21-10-2020 - 15:15
CVE-2020-14746 5.8
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popup windows). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker w
22-10-2020 - 15:09 21-10-2020 - 15:15
CVE-2020-14743 4.9
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege
22-10-2020 - 15:09 21-10-2020 - 15:15
CVE-2020-14744 4.0
Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnera
22-10-2020 - 15:09 21-10-2020 - 15:15
CVE-2020-14745 4.0
Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnera
22-10-2020 - 15:09 21-10-2020 - 15:15
CVE-2020-14766 5.5
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Administration). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily expl
22-10-2020 - 14:48 21-10-2020 - 15:15
CVE-2020-14835 None
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network ac
21-10-2020 - 15:15 21-10-2020 - 15:15
CVE-2020-14824 None
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerabilit
21-10-2020 - 15:15 21-10-2020 - 15:15
CVE-2019-5481 7.5
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
20-10-2020 - 22:15 16-09-2019 - 19:15
CVE-2017-5644 7.1
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
20-10-2020 - 22:15 24-03-2017 - 14:59
CVE-2017-5662 7.9
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable ap
20-10-2020 - 22:15 18-04-2017 - 14:59
CVE-2019-5435 4.3
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.
20-10-2020 - 22:15 28-05-2019 - 19:29
CVE-2020-9409 10.0
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthentic
20-10-2020 - 22:15 20-05-2020 - 13:15
CVE-2018-8013 7.5
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before
20-10-2020 - 22:15 24-05-2018 - 16:29
CVE-2017-9800 7.5
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user
20-10-2020 - 22:15 11-08-2017 - 21:29
CVE-2019-5436 4.6
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
20-10-2020 - 22:15 28-05-2019 - 19:29
CVE-2017-9096 6.8
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
20-10-2020 - 22:15 08-11-2017 - 16:29
CVE-2013-7285 7.5
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported for
20-10-2020 - 22:15 15-05-2019 - 17:29
CVE-2020-1951 4.3
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
20-10-2020 - 22:15 23-03-2020 - 14:15
CVE-2020-1950 4.3
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
20-10-2020 - 22:15 23-03-2020 - 14:15
CVE-2018-15769 5.0
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients dur
20-10-2020 - 22:15 16-11-2018 - 21:29
CVE-2016-5000 4.3
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) i
20-10-2020 - 22:15 05-08-2016 - 14:59
CVE-2020-13632 2.1
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
20-10-2020 - 22:15 27-05-2020 - 15:15
CVE-2016-8610 5.0
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL ser
20-10-2020 - 22:15 13-11-2017 - 22:29
CVE-2020-3909 7.5
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple i
20-10-2020 - 22:15 01-04-2020 - 18:15
CVE-2019-12814 4.3
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in
20-10-2020 - 22:15 19-06-2019 - 14:15
CVE-2019-1549 5.0
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this pro
20-10-2020 - 22:15 10-09-2019 - 17:15
CVE-2016-8734 4.0
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an
20-10-2020 - 22:15 16-10-2017 - 13:29
CVE-2019-12384 4.3
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be
20-10-2020 - 22:15 24-06-2019 - 16:15
CVE-2016-4800 7.5
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related
20-10-2020 - 22:15 13-04-2017 - 14:59
CVE-2018-11054 5.0
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.
20-10-2020 - 22:15 31-08-2018 - 18:29
CVE-2019-11477 7.8
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This ha
20-10-2020 - 22:15 19-06-2019 - 00:15
CVE-2019-11922 6.8
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
20-10-2020 - 22:15 25-07-2019 - 21:15
CVE-2018-12022 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in
20-10-2020 - 22:15 21-03-2019 - 16:00
CVE-2016-2510 6.8
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
20-10-2020 - 22:15 07-04-2016 - 20:59
CVE-2019-11478 5.0
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denia
20-10-2020 - 22:15 19-06-2019 - 00:15
CVE-2018-12023 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provid
20-10-2020 - 22:15 21-03-2019 - 16:00
CVE-2016-2167 4.9
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm
20-10-2020 - 22:15 05-05-2016 - 18:59
CVE-2018-12538 6.5
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatche
20-10-2020 - 22:15 22-06-2018 - 19:29
CVE-2018-11056 4.0
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote
20-10-2020 - 22:15 31-08-2018 - 18:29
CVE-2016-2168 4.0
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted
20-10-2020 - 22:15 05-05-2016 - 18:59
CVE-2018-11058 7.5
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote att
20-10-2020 - 22:15 14-09-2018 - 20:29
CVE-2019-11479 5.0
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial
20-10-2020 - 22:15 19-06-2019 - 00:15
CVE-2018-11057 4.3
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be
20-10-2020 - 22:15 31-08-2018 - 18:29
CVE-2018-11055 2.1
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by
20-10-2020 - 22:15 31-08-2018 - 18:29
CVE-2017-13098 4.3
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can r
20-10-2020 - 22:15 13-12-2017 - 01:29
CVE-2015-1832 6.4
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumpti
20-10-2020 - 22:15 03-10-2016 - 21:59
CVE-2016-1000339 5.0
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lo
20-10-2020 - 22:15 04-06-2018 - 13:29
CVE-2016-1000352 5.8
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
20-10-2020 - 22:15 04-06-2018 - 21:29
CVE-2016-1000346 4.3
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in
20-10-2020 - 22:15 04-06-2018 - 21:29
CVE-2016-1000345 4.3
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identif
20-10-2020 - 22:15 04-06-2018 - 21:29
CVE-2016-1000338 5.0
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in s
20-10-2020 - 22:15 01-06-2018 - 20:29
CVE-2016-1000344 5.8
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
20-10-2020 - 22:15 04-06-2018 - 21:29
CVE-2016-1000342 5.0
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in
20-10-2020 - 22:15 04-06-2018 - 13:29
CVE-2016-1000343 5.0
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generate
20-10-2020 - 22:15 04-06-2018 - 13:29
CVE-2016-0701 2.6
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent
20-10-2020 - 22:15 15-02-2016 - 02:59
CVE-2016-1000341 4.3
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacke
20-10-2020 - 22:15 04-06-2018 - 13:29
CVE-2020-10108 7.5
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as
20-10-2020 - 22:15 12-03-2020 - 13:15
CVE-2016-1000340 5.0
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom el
20-10-2020 - 22:15 04-06-2018 - 13:29
CVE-2019-12086 5.0
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
01-10-2020 - 00:15 17-05-2019 - 17:29
CVE-2020-11023 4.3
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
01-10-2020 - 00:15 29-04-2020 - 21:15
CVE-2020-1945 3.3
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr
30-09-2020 - 21:15 14-05-2020 - 16:15
CVE-2019-17638 7.5
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to
30-09-2020 - 18:15 09-07-2020 - 18:15
CVE-2020-11022 4.3
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
25-09-2020 - 20:15 29-04-2020 - 22:15
Back to Top Mark selected
Back to Top