Vulnerabilities > Oracle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-13 | CVE-2020-1953 | Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. | 10.0 |
| 2020-03-12 | CVE-2020-10531 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. network low complexity icu-project redhat google fedoraproject debian canonical opensuse oracle nodejs CWE-190 | 8.8 |
| 2020-03-12 | CVE-2020-10108 | HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. | 9.8 |
| 2020-03-07 | CVE-2020-9281 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). | 6.1 |
| 2020-03-06 | CVE-2020-10188 | Classic Buffer Overflow vulnerability in multiple products utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. network low complexity netkit-telnet-project fedoraproject debian arista oracle juniper CWE-120 critical | 9.8 |
| 2020-03-02 | CVE-2019-14893 | Deserialization of Untrusted Data vulnerability in multiple products A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. | 9.8 |
| 2020-03-02 | CVE-2020-9548 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). | 9.8 |
| 2020-03-02 | CVE-2020-9547 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). | 9.8 |
| 2020-03-02 | CVE-2020-9546 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). | 9.8 |
| 2020-02-24 | CVE-2020-1938 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. | 9.8 |