| 2020-07-24 | CVE-2020-15778 | OS Command Injection vulnerability in multiple products
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. | 7.8 |
| 2020-07-15 | CVE-2020-14697 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 7.2 |
| 2020-07-15 | CVE-2020-14678 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 7.2 |
| 2020-07-15 | CVE-2020-14664 | Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). | 8.3 |
| 2020-07-15 | CVE-2020-14663 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 7.2 |
| 2020-07-15 | CVE-2020-14593 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). | 7.4 |
| 2020-07-15 | CVE-2020-14583 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 8.3 |
| 2020-07-13 | CVE-2019-20907 | Infinite Loop vulnerability in multiple products
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | 7.5 |
| 2020-06-14 | CVE-2020-14060 | Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). | 8.1 |
| 2020-06-14 | CVE-2020-14062 | Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). | 8.1 |