Communications Instant Messaging Server

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-02	CVE-2020-9547	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). network low complexity fasterxml netapp debian oracle CWE-502 critical	9.8
2020-03-02	CVE-2020-9546	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). network low complexity fasterxml netapp debian oracle CWE-502 critical	9.8
2020-02-24	CVE-2020-1938	When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. network low complexity apache fedoraproject oracle debian opensuse blackberry critical	9.8
2020-02-24	CVE-2020-1935	HTTP Request Smuggling vulnerability in multiple products In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. network high complexity apache debian canonical opensuse netapp oracle CWE-444	4.8
2020-02-24	CVE-2019-17569	HTTP Request Smuggling vulnerability in multiple products The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. network high complexity apache opensuse netapp debian oracle CWE-444	4.8
2020-01-03	CVE-2019-20330	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. network low complexity fasterxml oracle debian netapp CWE-502 critical	9.8
2019-11-08	CVE-2019-10219	Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. network low complexity redhat netapp oracle CWE-79	6.1
2019-07-30	CVE-2019-14439	Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. network low complexity fasterxml debian fedoraproject apache redhat oracle CWE-502	7.5
2019-07-29	CVE-2019-14379	SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. network low complexity fasterxml debian netapp fedoraproject redhat oracle apple critical	9.8
2019-07-09	CVE-2018-11307	Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. network low complexity fasterxml redhat oracle CWE-502 critical	9.8