Vulnerabilities > Oracle > Documaker > 12.6.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-06 | CVE-2020-36187 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. | 8.1 |
2021-01-06 | CVE-2020-36186 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. | 8.1 |
2021-01-06 | CVE-2020-36185 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. | 8.1 |
2021-01-06 | CVE-2020-36184 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. | 8.1 |
2021-01-06 | CVE-2020-36181 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. | 8.1 |
2020-12-17 | CVE-2020-35491 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. | 6.8 |
2020-12-17 | CVE-2020-35490 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. | 6.8 |
2020-05-01 | CVE-2020-10683 | XXE vulnerability in multiple products dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. | 9.8 |
2020-03-10 | CVE-2020-5258 | Code Injection vulnerability in multiple products In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. | 7.7 |
2019-11-08 | CVE-2019-10219 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. | 6.1 |