Vulnerabilities > Oracle > Autovue
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-27 | CVE-2020-35728 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). | 8.1 |
| 2020-07-15 | CVE-2020-14551 | Unspecified vulnerability in Oracle Autovue 21.0 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). | 4.3 |
| 2020-01-15 | CVE-2020-2592 | Unspecified vulnerability in Oracle Autovue 21.0.2 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). | 5.3 |
| 2019-04-22 | CVE-2019-10247 | Information Exposure vulnerability in multiple products In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. | 5.3 |
| 2019-04-22 | CVE-2019-10246 | Information Exposure vulnerability in multiple products In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. | 5.3 |