CVSS: 5.9EPSS: 0%CPEs: 75EXPL: 1CVE-2020-1971 – EDIPARTYNAME NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-1971
08 Dec 2020 — The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. • https://github.com/MBHudson/CVE-2020-1971 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2982
https://notcve.org/view.php?id=CVE-2020-2982
15 Jul 2020 — Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as wel... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 9.8EPSS: 8%CPEs: 7EXPL: 0CVE-2020-11972 – camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution
https://notcve.org/view.php?id=CVE-2020-11972
14 May 2020 — Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. Apache Camel RabbitMQ permite una deserialización de Java por defecto. Apache Camel versiones 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 hasta 3.1.0 están afectadas. Los usuarios de la versión 2.x deben actualizar a la versión 2.25.1, los usuarios de la versión 3.x deben actualizar a la versión 3.2.0. • http://www.openwall.com/lists/oss-security/2020/05/14/10 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 9%CPEs: 7EXPL: 0CVE-2020-11973 – camel: Netty enables Java deserialization by default which could leed to remote code execution
https://notcve.org/view.php?id=CVE-2020-11973
14 May 2020 — Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. Apache Camel Netty permite una deserialización de Java por defecto. Apache Camel versiones 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 hasta 3.1.0 están afectadas. Los usuarios de la versión 2.x deben actualizar a la versión 2.25.1, los usuarios de la versión 3.x deben actualizar a la versión 3.2.0. • http://www.openwall.com/lists/oss-security/2020/05/14/9 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2020-11971 – camel: DNS Rebinding in JMX Connector could result in remote command execution
https://notcve.org/view.php?id=CVE-2020-11971
14 May 2020 — Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0. El JMX de Apache Camel es vulnerable a Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 hasta la versión 3.1.0 se ve afectado. • http://www.openwall.com/lists/oss-security/2020/05/14/7 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 2%CPEs: 31EXPL: 0CVE-2020-11620 – jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
https://notcve.org/view.php?id=CVE-2020-11620
07 Apr 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con el componente org.apache.commons.jelly.impl.Embedded (también se conoce como commons-jelly). A flaw was found in jackson-databind 2.x. The interaction betw... • https://github.com/FasterXML/jackson-databind/issues/2682 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 1%CPEs: 35EXPL: 0CVE-2020-11619 – jackson-databind: Serialization gadgets in org.springframework:spring-aop
https://notcve.org/view.php?id=CVE-2020-11619
07 Apr 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con el componente org.springframework.aop.config.MethodLocatingFactoryBean (también se conoce como spring-aop). A flaw was found in jackson-data... • https://github.com/FasterXML/jackson-databind/issues/2680 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 2%CPEs: 42EXPL: 0CVE-2020-11111 – jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory
https://notcve.org/view.php?id=CVE-2020-11111
31 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.activemq.* (también se conoce como activemq-jms, activemq-core, activemq-pool, y activemq-pool-jms). A flaw w... • https://github.com/FasterXML/jackson-databind/issues/2664 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 11%CPEs: 54EXPL: 0CVE-2020-11112 – jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
https://notcve.org/view.php?id=CVE-2020-11112
31 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.commons.proxy.provider.remoting.RmiProvider (también se conoce como apache/commons-proxy). A flaw was found in jackson-da... • https://github.com/FasterXML/jackson-databind/issues/2666 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 58%CPEs: 55EXPL: 1CVE-2020-11113 – jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
https://notcve.org/view.php?id=CVE-2020-11113
31 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.openjpa.ee.WASRegistryManagedRuntime (también se conoce como openjpa). A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4... • https://github.com/Al1ex/CVE-2020-11113 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •