CVSS: 8.1EPSS: 2%CPEs: 75EXPL: 1CVE-2020-36183 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool
https://notcve.org/view.php?id=CVE-2020-36183
06 Jan 2021 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets... • https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 5%CPEs: 75EXPL: 2CVE-2020-36184 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource
https://notcve.org/view.php?id=CVE-2020-36184
06 Jan 2021 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource A flaw was found in jackson-databind. FasterXML mishandles the interaction between seria... • https://github.com/Al1ex/CVE-2020-36184 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 2%CPEs: 75EXPL: 1CVE-2020-36185 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource
https://notcve.org/view.php?id=CVE-2020-36185
06 Jan 2021 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource A flaw was found in jackson-databind. FasterXML mishandles the interaction between seriali... • https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 2%CPEs: 75EXPL: 1CVE-2020-36186 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource
https://notcve.org/view.php?id=CVE-2020-36186
06 Jan 2021 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource A flaw was found in jackson-databind. FasterXML mishandles the interaction between seriali... • https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 2%CPEs: 75EXPL: 1CVE-2020-36187 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource
https://notcve.org/view.php?id=CVE-2020-36187
06 Jan 2021 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource A flaw was found in jackson-databind. FasterXML mishandles the interaction between serializa... • https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 7%CPEs: 75EXPL: 2CVE-2020-36188 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource
https://notcve.org/view.php?id=CVE-2020-36188
06 Jan 2021 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8 maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource A flaw was found in jackson-databind. FasterXML mishandles the interaction betw... • https://github.com/Al1ex/CVE-2020-36188 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 2%CPEs: 67EXPL: 1CVE-2020-36189 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource
https://notcve.org/view.php?id=CVE-2020-36189
06 Jan 2021 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8 maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource A flaw was found in jackson-databind. FasterXML mishandles th... • https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 6%CPEs: 74EXPL: 1CVE-2020-36181 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS
https://notcve.org/view.php?id=CVE-2020-36181
06 Jan 2021 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization g... • https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 39%CPEs: 65EXPL: 1CVE-2020-35728 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool
https://notcve.org/view.php?id=CVE-2020-35728
27 Dec 2020 — FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacción entre los dispositivos de serialización y la escritura, relacionada con com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (también se ... • https://github.com/Al1ex/CVE-2020-35728 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 0CVE-2020-8284 – curl: FTP PASV command response can cause curl to connect to arbitrary host
https://notcve.org/view.php?id=CVE-2020-8284
09 Dec 2020 — A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. Un servidor malicioso puede usar la respuesta FTP PASV para engañar a curl versiones 7.73.0 y anteriores, para que se conecte de nuevo a una dirección IP y puerto determinados, y de esta manera pot... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •