Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2020-10-01 CVE-2020-11979 As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them.
network
low complexity
apache gradle fedoraproject oracle
7.5
2020-09-27 CVE-2020-26116 Injection vulnerability in multiple products
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
7.2
2020-09-17 CVE-2020-24750 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
network
high complexity
fasterxml oracle debian CWE-502
8.1
2020-09-16 CVE-2020-7733 Resource Exhaustion vulnerability in multiple products
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
network
low complexity
ua-parser-js-project oracle CWE-400
7.5
2020-09-14 CVE-2019-0233 Improper Preservation of Permissions vulnerability in multiple products
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
network
low complexity
apache oracle CWE-281
7.5
2020-09-04 CVE-2019-20916 Path Traversal vulnerability in multiple products
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file.
network
low complexity
pypa opensuse debian oracle CWE-22
7.5
2020-09-01 CVE-2020-24584 Incorrect Default Permissions vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used).
7.5
2020-09-01 CVE-2020-24583 Incorrect Default Permissions vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used).
7.5
2020-08-30 CVE-2020-7712 OS Command Injection vulnerability in multiple products
This affects the package json before 10.0.0.
network
low complexity
joyent oracle CWE-78
7.2
2020-08-25 CVE-2020-24616 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
network
high complexity
fasterxml netapp oracle debian CWE-502
8.1