NotCVE - vendor:"Oracle" product:"Jd Edwards Enterpriseone Tools" version:" >= 9.2.0.0 <= 9.2.6.3"

Page 10 of 99 results (0.011 seconds)

CVSS: 8.8EPSS: 40%CPEs: 54EXPL: 0

CVE-2020-10672 – jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

https://notcve.org/view.php?id=CVE-2020-10672

18 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionados con org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (también se conoce como aries.transaction.jms). A fl... • https://github.com/FasterXML/jackson-databind/issues/2659 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8EPSS: 20%CPEs: 55EXPL: 2

CVE-2020-10673 – jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

https://notcve.org/view.php?id=CVE-2020-10673

18 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionada con com.caucho.config.types.ResourceRef (también se conoce como caucho-quercus). A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML j... • https://github.com/Al1ex/CVE-2020-10673 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •

CVSS: 6.1EPSS: 1%CPEs: 24EXPL: 0

CVE-2020-9281 – Ubuntu Security Notice USN-5340-1

https://notcve.org/view.php?id=CVE-2020-9281

07 Mar 2020 — A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). Una vulnerabilidad de tipo cross-site scripting (XSS) en el HTML Data Processor for CKEditor versiones 4.0 anteriores a 4.14, permite a atacantes remotos inyectar script web arbitrario por medio de un comentario "protected" diseñado (con la sintaxis cke_protected). Kyaw Min Thein discov... • https://github.com/ckeditor/ckeditor4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 2%CPEs: 59EXPL: 0

CVE-2020-9546 – jackson-databind: Serialization gadgets in shaded-hikari-config

https://notcve.org/view.php?id=CVE-2020-9546

02 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4 maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (también se conoce como shaded hikari-config). A flaw was found in jackson-databind... • https://github.com/FasterXML/jackson-databind/issues/2631 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 6%CPEs: 31EXPL: 1

CVE-2020-9547 – jackson-databind: Serialization gadgets in ibatis-sqlmap

https://notcve.org/view.php?id=CVE-2020-9547

02 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (también se conoce como ibatis-sqlmap). A flaw was found in jackson-databind ... • https://github.com/fairyming/CVE-2020-9547 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 13%CPEs: 46EXPL: 1

CVE-2020-9548 – jackson-databind: Serialization gadgets in anteros-core

https://notcve.org/view.php?id=CVE-2020-9548

02 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a br.com.anteros.dbcp.AnterosDBCPConfig (también se conoce como anteros-core). A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the... • https://github.com/fairyming/CVE-2020-9548 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 2%CPEs: 53EXPL: 0

CVE-2019-20330 – jackson-databind: lacks certain net.sf.ehcache blocking

https://notcve.org/view.php?id=CVE-2019-20330

03 Jan 2020 — FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. FasterXML jackson-databind versiones 2.x anteriores a la versión 2.9.10.2, carece de cierto bloqueo de net.sf.ehcache. Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire ... • https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 12%CPEs: 18EXPL: 1

CVE-2019-17195 – nimbus-jose-jwt: Uncaught exceptions while parsing a JWT

https://notcve.org/view.php?id=CVE-2019-17195

15 Oct 2019 — Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. Connect2id Nimbus JOSE+JWT versiones anteriores a v7.9, puede arrojar varias excepciones no captadas al analizar un JWT, lo que podría resultar en un bloqueo de la aplicación (potencial divulgación de información) o una posible omisión de autenticación. A flaw was found in Connect2id Nimbus JOSE+J... • https://github.com/somatrasss/weblogic2021 • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5EPSS: 0%CPEs: 110EXPL: 0

CVE-2019-10086 – apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

https://notcve.org/view.php?id=CVE-2019-10086

20 Aug 2019 — In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. En Apache Commons Beanutils 1.9.2, se agregó una clase especial BeanIntrospector que permite suprimir la capacidad de un atacante para acceder al cargador de clases a través de la propiedad de clase disponible en todo... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html • CWE-502: Deserialization of Untrusted Data •

1...8 9 10