CVSS: 7.5EPSS: 60%CPEs: 38EXPL: 2CVE-2020-1967 – Segmentation fault in SSL_check_chain
https://notcve.org/view.php?id=CVE-2020-1967
21 Apr 2020 — Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL ver... • https://packetstorm.news/files/id/157527 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2946
https://notcve.org/view.php?id=CVE-2020-2946
15 Apr 2020 — Vulnerability in the Application Performance Management product of Oracle Enterprise Manager (component: EM Request Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Application Performance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Application Performance Management accessible d... • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 8.8EPSS: 11%CPEs: 54EXPL: 0CVE-2020-11112 – jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
https://notcve.org/view.php?id=CVE-2020-11112
31 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.commons.proxy.provider.remoting.RmiProvider (también se conoce como apache/commons-proxy). A flaw was found in jackson-da... • https://github.com/FasterXML/jackson-databind/issues/2666 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 58%CPEs: 55EXPL: 1CVE-2020-11113 – jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
https://notcve.org/view.php?id=CVE-2020-11113
31 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.openjpa.ee.WASRegistryManagedRuntime (también se conoce como openjpa). A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4... • https://github.com/Al1ex/CVE-2020-11113 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 6%CPEs: 54EXPL: 0CVE-2020-10968 – jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
https://notcve.org/view.php?id=CVE-2020-10968
26 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.aoju.bus.proxy.provider.remoting.RmiProvider (también se conoce como bus-proxy). A flaw was found in jackson-databind 2.x prior to version 2.9.10... • https://github.com/FasterXML/jackson-databind/issues/2662 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 1%CPEs: 56EXPL: 0CVE-2020-10969 – jackson-databind: Serialization gadgets in javax.swing.JEditorPane
https://notcve.org/view.php?id=CVE-2020-10969
26 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con javax.swing.JEditorPane. A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat fr... • https://github.com/FasterXML/jackson-databind/issues/2642 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 40%CPEs: 54EXPL: 0CVE-2020-10672 – jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
https://notcve.org/view.php?id=CVE-2020-10672
18 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionados con org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (también se conoce como aries.transaction.jms). A fl... • https://github.com/FasterXML/jackson-databind/issues/2659 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 20%CPEs: 55EXPL: 2CVE-2020-10673 – jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
https://notcve.org/view.php?id=CVE-2020-10673
18 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionada con com.caucho.config.types.ResourceRef (también se conoce como caucho-quercus). A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML j... • https://github.com/Al1ex/CVE-2020-10673 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 2%CPEs: 59EXPL: 0CVE-2020-9546 – jackson-databind: Serialization gadgets in shaded-hikari-config
https://notcve.org/view.php?id=CVE-2020-9546
02 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4 maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (también se conoce como shaded hikari-config). A flaw was found in jackson-databind... • https://github.com/FasterXML/jackson-databind/issues/2631 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 47EXPL: 0CVE-2019-3740
https://notcve.org/view.php?id=CVE-2019-3740
18 Sep 2019 — RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son susceptibles a una vulnerabilidad de Exposición de Información por medio de vulnerabilidades de Discrepancia de Sincronización durante la generación de claves DSA. Un atacante remoto malicioso podría explota... • https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities • CWE-203: Observable Discrepancy CWE-310: Cryptographic Issues •