2020-03-02
|
CVE-2020-9548
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
|
Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Global_lifecycle_management_opatch, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_xstore_point_of_service, Weblogic_server
|
9.8
|
|
|
2020-03-07
|
CVE-2020-9281
|
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
|
Ckeditor, Drupal, Fedora, Agile_plm, Application_express, Banking_enterprise_default_management, Banking_enterprise_default_managment, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Siebel_apps_\-_customer_order_management, Webcenter_portal
|
6.1
|
|
|
2020-04-07
|
CVE-2020-11619
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
|
Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Steelstore_cloud_integrated_storage, Agile_plm, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Enterprise_manager_base_platform, Global_lifecycle_management_opatch, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_xstore_point_of_service, Weblogic_server
|
8.1
|
|
|
2020-04-07
|
CVE-2020-11620
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
|
Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Steelstore_cloud_integrated_storage, Banking_platform, Communications_contacts_server, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Enterprise_manager_base_platform, Global_lifecycle_management_opatch, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_xstore_point_of_service, Weblogic_server
|
8.1
|
|
|
2020-04-29
|
CVE-2020-11023
|
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
|
Debian_linux, Drupal, Fedora, Jquery, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Max_data, Oncommand_insight, Oncommand_system_manager, Snap_creator_framework, Snapcenter_server, Application_express, Application_testing_suite, Banking_enterprise_collections, Banking_platform, Business_intelligence, Communications_analytics, Communications_eagle_application_processor, Communications_element_manager, Communications_interactive_session_recorder, Communications_operations_monitor, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Financial_services_regulatory_reporting_for_de_nederlandsche_bank, Financial_services_revenue_management_and_billing_analytics, Health_sciences_inform, Healthcare_translational_research, Hyperion_financial_reporting, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Oss_support_tools, Peoplesoft_enterprise_human_capital_management_resources, Primavera_gateway, Rest_data_services, Siebel_mobile, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Webcenter_sites, Weblogic_server, Log_correlation_engine
|
6.1
|
|
|
2020-10-20
|
CVE-2020-25648
|
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
|
Fedora, Network_security_services, Communications_offline_mediation_controller, Communications_pricing_design_center, Jd_edwards_enterpriseone_tools, Enterprise_linux
|
7.5
|
|
|
2020-10-23
|
CVE-2020-27216
|
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the...
|
Beam, Debian_linux, Jetty, Snap_creator_framework, Snapcenter, Storage_replication_adapter, Vasa_provider, Virtual_storage_console, Communications_application_session_controller, Communications_converged_application_server_\-_service_controller, Communications_element_manager, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Flexcube_core_banking, Flexcube_private_banking, Jd_edwards_enterpriseone_tools, Siebel_core_\-_automation
|
7.0
|
|
|
2020-11-19
|
CVE-2020-8277
|
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
|
C\-Ares, Fedora, Node\.js, Blockchain_platform, Graalvm, Jd_edwards_enterpriseone_tools, Mysql_cluster, Retail_xstore_point_of_service
|
7.5
|
|
|
2020-12-02
|
CVE-2020-13956
|
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
|
Httpclient, Active_iq_unified_manager, Snapcenter, Commerce_guided_search, Communications_cloud_native_core_service_communication_proxy, Data_integrator, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Nosql_database, Peoplesoft_enterprise_peopletools, Peoplesoft_enterprise_pt_peopletools, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Spatial_studio, Sql_developer, Weblogic_server, Quarkus
|
5.3
|
|
|
2020-12-03
|
CVE-2020-25649
|
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
|
Iotdb, Jackson\-Databind, Fedora, Oncommand_api_services, Oncommand_workflow_automation, Service_level_manager, Agile_plm, Agile_product_lifecycle_management_integration_pack, Banking_apis, Banking_platform, Banking_treasury_management, Blockchain_platform, Coherence, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_network_charging_and_control, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Goldengate_application_adapters, Health_sciences_empirica_signal, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Retail_service_backbone, Retail_xstore_point_of_service, Sd\-Wan_edge, Utilities_framework, Webcenter_portal, Quarkus
|
7.5
|
|
|