Vulnerabilities > Oracle > Mysql Enterprise Monitor > 4.0.11.5331
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-20 | CVE-2020-9484 | Deserialization of Untrusted Data vulnerability in multiple products When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. | 7.0 |
2020-04-21 | CVE-2020-1967 | NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. | 7.5 |
2020-02-24 | CVE-2020-1938 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. | 9.8 |
2020-02-24 | CVE-2020-1935 | HTTP Request Smuggling vulnerability in multiple products In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. | 4.8 |
2020-02-24 | CVE-2019-17569 | HTTP Request Smuggling vulnerability in multiple products The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. | 4.8 |
2020-01-17 | CVE-2020-5397 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. | 2.6 |
2019-12-23 | CVE-2019-17563 | Session Fixation vulnerability in multiple products When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. | 7.5 |
2019-12-20 | CVE-2019-17571 | Deserialization of Untrusted Data vulnerability in multiple products Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. | 9.8 |
2019-12-06 | CVE-2019-1551 | Integer Overflow or Wraparound vulnerability in multiple products There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. | 5.3 |
2018-10-18 | CVE-2018-15756 | Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. | 7.5 |