Latest Oracle Communications Element Manager Vulnerabilities

Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a specially-crafted XML document payload, a remote at...
redhat/eap7-xerces-j2<0:2.12.0-3.SP04_redhat_00001.1.el8ea
redhat/eap7-xerces-j2<0:2.12.0-3.SP04_redhat_00001.1.el7ea
IBM Sterling Secure Proxy<=6.0.3
redhat/xerces-j2<2.12.2
Apache Xerces-j<=2.12.1
Oracle Agile Engineering Data Management=6.2.1.0
and 56 more
apache. Multiple issues were addressed by updating apache to version 2.4.53.
Apple Catalina
Apple macOS Big Sur<11.6.6
<12.4
Apache HTTP server>=2.4.7<2.4.52
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 39 more
apache. Multiple issues were addressed by updating apache to version 2.4.53.
Apple Catalina
Apple macOS Big Sur<11.6.6
<12.4
Apache HTTP server<=2.4.51
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 40 more
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8
debian/apache-log4j2
debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1
and 217 more
A flaw was found in apache-commons-compress. When reading a specially crafted ZIP archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This fla...
redhat/apache-commons-compress<0:1.21-1.2.el8e
IBM Cloud Pak System<=V2.3.0 - V2.3.3.3 Interim Fix 1
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.0<1.21
Oracle Banking Apis>=18.1<=18.3
Oracle Banking Apis=19.1
and 69 more
Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() me...
redhat/jenkins<0:2.289.3.1630554997-1.el8
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.4.41
redhat/jetty<10.0.3
redhat/jetty<11.0.3
and 19 more
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CP...
Apache CXF<3.3.11
Apache CXF>=3.4.0<3.4.4
Apache TomEE=8.0.6
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=5.9.0.0.0
Oracle Business Intelligence=12.2.1.3.0
and 12 more
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a...
maven/org.springframework:spring-web>=5.3.0<=5.3.6
maven/org.springframework:spring-web>=5.2.0<=5.2.14
IBM DRM<=2.0.6
redhat/spring-framework<5.3.7
redhat/spring-framework<5.2.15
VMware Spring Framework>=5.2.0<5.2.15
and 48 more
Apache CXF is vulnerable to a denial of service, caused by improper validation of request_uri parameter by the OAuth 2 authorization service. By sending a specially-crafted request, a remote attacker ...
Apache CXF<3.3.10
Apache CXF>=3.4.0<3.4.3
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=5.9.0.0.0
Oracle Business Intelligence=12.2.1.3.0
Oracle Business Intelligence=12.2.1.4.0
and 13 more
Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sen...
redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9
redhat/jenkins<0:2.277.3.1620393611-1.el8
redhat/runc<0:1.0.0-95.rhaos4.8.gitcd80260.el8
redhat/jetty<9.4.39
redhat/jetty<10.0.2
redhat/jetty<11.0.2
and 33 more
When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU re...
maven/org.eclipse.jetty:jetty-server>=11.0.0<11.0.2
maven/org.eclipse.jetty:jetty-server>=10.0.0<10.0.2
maven/org.eclipse.jetty:jetty-server>=7.2.2<9.4.39
redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9
redhat/jenkins<0:2.277.3.1620393611-1.el8
redhat/runc<0:1.0.0-95.rhaos4.8.gitcd80260.el8
and 29 more
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in...
Pivotal Software Spring Security<5.2.9
Pivotal Software Spring Security>=5.3.0<5.3.8
Vmware Spring Security>=5.4.0<5.4.4
Oracle Communications Element Manager>=8.2.0<=8.2.4.0
Oracle Communications Interactive Session Recorder=6.3
Oracle Communications Interactive Session Recorder=6.4
and 5 more
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
and 72 more
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 71 more
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
and 65 more
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.00<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0.<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
and 72 more
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
and 72 more
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 71 more
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka em...
IBM Disconnected Log Collector<=v1.0 - v1.8.2
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.7
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.9.0<2.9.10.8
Debian Debian Linux=9.0
NetApp Service Level Manager
and 62 more
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
and 73 more
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
On Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the sh...
redhat/rh-eclipse<1:4.17-6.el7_9
redhat/rh-eclipse-ant<0:1.10.9-1.2.el7
redhat/rh-eclipse-antlr32<0:3.2-28.1.el7
redhat/rh-eclipse-apache-sshd<1:2.4.0-5.1.el7
redhat/rh-eclipse-apiguardian<0:1.1.0-6.1.el7
redhat/rh-eclipse-args4j<0:2.33-12.2.el7
and 108 more
FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.Jn...
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.6
Oracle Agile PLM=9.3.6
Oracle Application Testing Suite=13.3.0.1
Oracle Autovue For Agile Product Lifecycle Management=21.0.2
Oracle Banking Corporate Lending Process Management=14.2.0
and 36 more
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it le...
Apache ActiveMQ=5.15.12
Oracle Communications Diameter Signaling Router>=8.0.0<=8.5.0
Oracle Communications Element Manager>=8.2.0<=8.2.4.0
Oracle Communications Session Report Manager>=8.0.0<=8.2.2
Oracle Communications Session Route Manager>=8.0.0<=8.2.2
Oracle Enterprise Repository=11.1.1.7.0
and 3 more
ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind
Apache ActiveMQ>=5.15.0<5.15.14
Apache ActiveMQ>=5.16.0<5.16.1
Apache ActiveMQ Artemis<2.16.0
NetApp OnCommand Workflow Automation
Debian Debian Linux=9.0
Oracle Communications Element Manager>=8.2.0<=8.2.4.0
and 7 more
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.5
IBM ISAM<=9.0.7
IBM Security Verify Access<=10.0.0
FasterXML jackson-databind>=2.0.0<2.9.10.6
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
and 30 more
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resour...
ubuntu/apache2<2.4.29-1ubuntu4.14
ubuntu/apache2<2.4.41-4ubuntu3.1
ubuntu/apache2<2.4.44
>=2.4.20<2.4.46
>=8.2.0<=8.2.2
>=8.2.0<=8.2.2
and 106 more
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing conc...
redhat/httpd<2.4.44
redhat/jbcs-httpd24-apr<0:1.6.3-104.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-75.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-38.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-44.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-64.jbcs.el6
and 55 more
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
redhat/jbcs-httpd24-apr<0:1.6.3-104.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-75.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-38.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-44.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-64.jbcs.el6
redhat/jbcs-httpd24-jansson<0:2.11-53.jbcs.el6
and 44 more
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing. The highest threat from this vul...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 311 more
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; a...
redhat/tomcat6<0:6.0.24-115.el6_10
redhat/tomcat<0:7.0.76-12.el7_8
redhat/tomcat7<0:7.0.70-40.ep7.el6
redhat/tomcat8<0:8.0.36-44.ep7.el6
redhat/tomcat-native<0:1.2.23-22.redhat_22.ep7.el6
redhat/tomcat7<0:7.0.70-40.ep7.el7
and 99 more
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data co...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 30 more
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 309 more
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 311 more
Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the admin GUI. A remote attacker could exploit this vulnerability using a specially-craft...
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
Apache ActiveMQ>=5.0.0<=5.15.11
Oracle Communications Diameter Signaling Router>=8.0.0<=8.2.2
Oracle Communications Element Manager=8.1.1
Oracle Communications Element Manager=8.2.0
Oracle Communications Element Manager=8.2.1
and 10 more
Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may e...
maven/org.webjars.npm:jquery>=1.0.3<3.5.0
nuget/jQuery>=1.0.3<3.5.0
rubygems/jquery-rails<4.4.0
npm/jquery>=1.0.3<3.5.0
debian/jquery
debian/node-jquery<=2.2.4+dfsg-4
and 105 more
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
SQLite SQLite<=3.31.1
NetApp ONTAP Select Deploy administration utility
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 26 more
Apache CXF has the ability to integrate with JMX by registering an `InstrumentationManager` extension with the CXF bus. If the `createMBServerConnectorFactory` property of the default `Instrumentation...
maven/org.apache.cxf:cxf-rt-management>=3.3.0<3.3.6
maven/org.apache.cxf:cxf-rt-management<3.2.13
redhat/eap7-activemq-artemis<0:2.9.0-5.redhat_00011.1.el6ea
redhat/eap7-activemq-artemis-native<1:1.0.2-1.redhat_00001.1.el6ea
redhat/eap7-apache-commons-codec<0:1.14.0-1.redhat_00001.1.el6ea
redhat/eap7-apache-commons-lang<0:3.10.0-1.redhat_00001.1.el6ea
and 98 more
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL ...
redhat/jbcs-httpd24-apr<0:1.6.3-86.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-21.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-52.jbcs.el6
redhat/jbcs-httpd24-openssl<1:1.1.1c-16.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-86.jbcs.el7
redhat/jbcs-httpd24-brotli<0:1.0.6-21.jbcs.el7
and 59 more
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el7
and 50 more
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data co...
redhat/qpid-cpp<0:1.36.0-31.el6_10a
redhat/qpid-proton<0:0.32.0-1.el6_10
redhat/qpid-cpp<0:1.36.0-31.el7a
redhat/qpid-proton<0:0.32.0-2.el7
redhat/nodejs-rhea<0:1.0.24-1.el8
redhat/qpid-proton<0:0.32.0-2.el8
and 59 more
FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.commons.proxy.provider.remoting.RmiProvider (aka apa...
redhat/Jackson-databind<2.9.10.4
redhat/rh-maven35-jackson-databind<0:2.7.6-2.9.el7
IBM Data Risk Manager<=2.0.6
FasterXML jackson-databind>=2.9.0<2.9.10.4
Debian Debian Linux=8.0
Netapp Steelstore Cloud Integrated Storage
and 51 more
FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.activemq.* (aka activemq-jms, activemq-core, activem...
redhat/Jackson-databind<2.9.10.4
redhat/rh-maven35-jackson-databind<0:2.7.6-2.9.el7
IBM Data Risk Manager<=2.0.6
FasterXML jackson-databind>=2.9.0<2.9.10.4
Debian Debian Linux=8.0
Netapp Steelstore Cloud Integrated Storage
and 39 more
A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 345 more
FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.4
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.4
redhat/Jackson-databind<2.9.10.4
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
and 161 more
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this...
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 159 more
FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in javax.swing.JEditorPane. By sending specially-crafted input, an...
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 345 more
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data conf...
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 566 more
