2020-03-02
|
CVE-2020-9548
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
|
Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Global_lifecycle_management_opatch, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_xstore_point_of_service, Weblogic_server
|
9.8
|
|
|
2020-04-01
|
CVE-2020-1934
|
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
|
Http_server, Ubuntu_linux, Debian_linux, Fedora, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit
|
5.3
|
|
|
2020-04-01
|
CVE-2020-1954
|
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is...
|
Cxf, Oncommand_workflow_automation, Snapmanager, Communications_diameter_signaling_router, Communications_diameter_signaling_router_idih\:, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Peoplesoft_enterprise_peopletools
|
5.3
|
|
|
2020-04-02
|
CVE-2020-1927
|
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
|
Http_server, Brocade_fabric_operating_system, Ubuntu_linux, Debian_linux, Fedora, Oncommand_unified_manager_core_package, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Instantis_enterprisetrack, Sd\-Wan_aware, Zfs_storage_appliance_kit
|
6.1
|
|
|
2020-04-29
|
CVE-2020-11023
|
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
|
Debian_linux, Drupal, Fedora, Jquery, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Max_data, Oncommand_insight, Oncommand_system_manager, Snap_creator_framework, Snapcenter_server, Application_express, Application_testing_suite, Banking_enterprise_collections, Banking_platform, Business_intelligence, Communications_analytics, Communications_eagle_application_processor, Communications_element_manager, Communications_interactive_session_recorder, Communications_operations_monitor, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Financial_services_regulatory_reporting_for_de_nederlandsche_bank, Financial_services_revenue_management_and_billing_analytics, Health_sciences_inform, Healthcare_translational_research, Hyperion_financial_reporting, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Oss_support_tools, Peoplesoft_enterprise_human_capital_management_resources, Primavera_gateway, Rest_data_services, Siebel_mobile, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Webcenter_sites, Weblogic_server, Log_correlation_engine
|
6.1
|
|
|
2020-05-14
|
CVE-2020-1941
|
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
|
Activemq, Communications_diameter_signaling_router, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_repository, Flexcube_private_banking
|
6.1
|
|
|
2020-05-20
|
CVE-2020-9484
|
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be...
|
Tomcat, Ubuntu_linux, Debian_linux, Fedora, Epolicy_orchestrator, Leap, Agile_engineering_data_management, Agile_plm, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_diameter_signaling_router, Communications_element_manager, Communications_instant_messaging_server, Communications_session_report_manager, Communications_session_route_manager, Database, Fmw_platform, Hospitality_guest_access, Instantis_enterprisetrack, Managed_file_transfer, Mysql_enterprise_monitor, Retail_order_broker, Siebel_apps_\-_marketing, Siebel_ui_framework, Transportation_management, Workload_manager
|
7.0
|
|
|
2020-06-14
|
CVE-2020-14061
|
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
|
Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Steelstore_cloud_integrated_storage, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_session_report_manager, Communications_session_route_manager
|
8.1
|
|
|
2020-06-14
|
CVE-2020-14062
|
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
|
Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Steelstore_cloud_integrated_storage, Agile_plm, Banking_digital_experience, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_session_report_manager, Communications_session_route_manager
|
8.1
|
|
|
2020-06-14
|
CVE-2020-14060
|
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
|
Jackson\-Databind, Active_iq_unified_manager, Steelstore_cloud_integrated_storage, Agile_plm, Banking_digital_experience, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_session_report_manager, Communications_session_route_manager
|
8.1
|
|
|