CVSS: 8.1EPSS: 0%CPEs: 65EXPL: 1CVE-2020-35728 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool
https://notcve.org/view.php?id=CVE-2020-35728
27 Dec 2020 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacción entre los dispositivos de serialización y la escritura, relacionada con com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (también se ... • https://github.com/Al1ex/CVE-2020-35728 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 9.3EPSS: 97%CPEs: 36EXPL: 4CVE-2020-26217 – Remote Code Execution in XStream
https://notcve.org/view.php?id=CVE-2020-26217
16 Nov 2020 — XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. • https://github.com/Al1ex/CVE-2020-26217 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14894
https://notcve.org/view.php?id=CVE-2020-14894
21 Oct 2020 — Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.1 Base... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 8.1EPSS: 0%CPEs: 37EXPL: 1CVE-2020-24750 – jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
https://notcve.org/view.php?id=CVE-2020-24750
17 Sep 2020 — FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.6, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con com.pastdev.httpcomponents.configuration.JndiConfiguration A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.6. The interaction between ... • https://github.com/Al1ex/CVE-2020-24750 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2715
https://notcve.org/view.php?id=CVE-2020-2715
15 Jan 2020 — Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as una... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2718
https://notcve.org/view.php?id=CVE-2020-2718
15 Jan 2020 — Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2716
https://notcve.org/view.php?id=CVE-2020-2716
15 Jan 2020 — Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2717
https://notcve.org/view.php?id=CVE-2020-2717
15 Jan 2020 — Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or del... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2719
https://notcve.org/view.php?id=CVE-2020-2719
15 Jan 2020 — Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 4.3 (Conf... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-3046
https://notcve.org/view.php?id=CVE-2018-3046
18 Jul 2018 — Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •