CVSS: 8.8EPSS: 61%CPEs: 55EXPL: 1CVE-2020-11113 – jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
https://notcve.org/view.php?id=CVE-2020-11113
31 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.openjpa.ee.WASRegistryManagedRuntime (también se conoce como openjpa). A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4... • https://github.com/Al1ex/CVE-2020-11113 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 6%CPEs: 54EXPL: 0CVE-2020-10968 – jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
https://notcve.org/view.php?id=CVE-2020-10968
26 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.aoju.bus.proxy.provider.remoting.RmiProvider (también se conoce como bus-proxy). A flaw was found in jackson-databind 2.x prior to version 2.9.10... • https://github.com/FasterXML/jackson-databind/issues/2662 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 1%CPEs: 56EXPL: 0CVE-2020-10969 – jackson-databind: Serialization gadgets in javax.swing.JEditorPane
https://notcve.org/view.php?id=CVE-2020-10969
26 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con javax.swing.JEditorPane. A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat fr... • https://github.com/FasterXML/jackson-databind/issues/2642 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 40%CPEs: 54EXPL: 0CVE-2020-10672 – jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
https://notcve.org/view.php?id=CVE-2020-10672
18 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionados con org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (también se conoce como aries.transaction.jms). A fl... • https://github.com/FasterXML/jackson-databind/issues/2659 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 20%CPEs: 55EXPL: 2CVE-2020-10673 – jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
https://notcve.org/view.php?id=CVE-2020-10673
18 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionada con com.caucho.config.types.ResourceRef (también se conoce como caucho-quercus). A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML j... • https://github.com/Al1ex/CVE-2020-10673 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 2%CPEs: 59EXPL: 0CVE-2020-9546 – jackson-databind: Serialization gadgets in shaded-hikari-config
https://notcve.org/view.php?id=CVE-2020-9546
02 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4 maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (también se conoce como shaded hikari-config). A flaw was found in jackson-databind... • https://github.com/FasterXML/jackson-databind/issues/2631 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 49%CPEs: 31EXPL: 2CVE-2020-9547 – jackson-databind: Serialization gadgets in ibatis-sqlmap
https://notcve.org/view.php?id=CVE-2020-9547
02 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (también se conoce como ibatis-sqlmap). A flaw was found in jackson-databind ... • https://github.com/fairyming/CVE-2020-9547 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 69%CPEs: 46EXPL: 1CVE-2020-9548 – jackson-databind: Serialization gadgets in anteros-core
https://notcve.org/view.php?id=CVE-2020-9548
02 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a br.com.anteros.dbcp.AnterosDBCPConfig (también se conoce como anteros-core). A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the... • https://github.com/fairyming/CVE-2020-9548 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2646
https://notcve.org/view.php?id=CVE-2020-2646
15 Jan 2020 — Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may signif... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2644
https://notcve.org/view.php?id=CVE-2020-2644
15 Jan 2020 — Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible dat... • https://www.oracle.com/security-alerts/cpujan2020.html •