Communications Network Charging AND Control

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-06	CVE-2020-36186	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. network high complexity fasterxml netapp debian oracle CWE-502	8.1
2021-01-06	CVE-2020-36185	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. network high complexity fasterxml netapp debian oracle CWE-502	8.1
2021-01-06	CVE-2020-36184	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. network high complexity netapp debian oracle fasterxml CWE-502	8.1
2021-01-06	CVE-2020-36181	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. network high complexity netapp debian oracle fasterxml CWE-502	8.1
2020-12-27	CVE-2020-35728	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). network high complexity fasterxml debian netapp oracle CWE-502	8.1
2020-12-03	CVE-2020-25649	XXE vulnerability in multiple products A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. network low complexity fasterxml netapp fedoraproject quarkus apache oracle CWE-611	7.5
2020-06-27	CVE-2020-15358	Out-of-bounds Write vulnerability in multiple products In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. local low complexity sqlite canonical apple oracle siemens CWE-787	2.1
2020-06-06	CVE-2020-13871	Use After Free vulnerability in multiple products SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. network low complexity sqlite fedoraproject debian oracle siemens netapp CWE-416	7.5
2020-05-27	CVE-2020-13632	NULL Pointer Dereference vulnerability in multiple products ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. local low complexity sqlite fedoraproject canonical netapp brocade debian siemens oracle CWE-476	5.5
2020-05-27	CVE-2020-13631	SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. local low complexity sqlite fedoraproject canonical netapp brocade siemens apple oracle	5.5