CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21552
https://notcve.org/view.php?id=CVE-2025-21552
21 Jan 2025 — Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVS... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-1390: Weak Authentication •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21168
https://notcve.org/view.php?id=CVE-2024-21168
16 Jul 2024 — Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.8.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVS... • https://www.oracle.com/security-alerts/cpujul2024.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22050
https://notcve.org/view.php?id=CVE-2023-22050
18 Jul 2023 — Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as ... • https://www.oracle.com/security-alerts/cpujul2023.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-21532
https://notcve.org/view.php?id=CVE-2022-21532
19 Jul 2022 — Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 4.3 (Confident... • https://www.oracle.com/security-alerts/cpujul2022.html •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3712 – Read buffer overruns processing ASN.1 strings
https://notcve.org/view.php?id=CVE-2021-3712
24 Aug 2021 — ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set... • http://www.openwall.com/lists/oss-security/2021/08/26/2 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 67EXPL: 1CVE-2021-23840 – Integer overflow in CipherUpdate
https://notcve.org/view.php?id=CVE-2021-23840
16 Feb 2021 — Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrad... • https://github.com/Trinadh465/openssl-1.1.1g_CVE-2021-23840 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-2052
https://notcve.org/view.php?id=CVE-2021-2052
20 Jan 2021 — Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 8.8EPSS: 61%CPEs: 68EXPL: 2CVE-2020-36179 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS
https://notcve.org/view.php?id=CVE-2020-36179
06 Jan 2021 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization... • https://github.com/Al1ex/CVE-2020-36179 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 2%CPEs: 75EXPL: 1CVE-2020-36180 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS
https://notcve.org/view.php?id=CVE-2020-36180
06 Jan 2021 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets... • https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 2%CPEs: 75EXPL: 1CVE-2020-36182 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS
https://notcve.org/view.php?id=CVE-2020-36182
06 Jan 2021 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization... • https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 • CWE-502: Deserialization of Untrusted Data •