CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2020/07/28 4:11 p.m.•22 views

CVE-2020-14316

A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances VMIs can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any...

6.5CVSS2.1AI score0.01576EPSS

Exploits0References3

RedHat Linux•added 2020/07/28 3:54 p.m.•4 views

jackson-databind: Serialization gadgets in anteros-core

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.1AI score0.18345EPSS

RedHat Linux•added 2020/07/28 3:54 p.m.•0 views

cxf: OpenId Connect token service does not properly validate the clientId

A flaw was found in cxf in versions prior to 3.2.11 and 3.3.4. The access token services do not properly validate that an authenticated principal is equal to that of the supplied clientId parameter allowing a malicious client to use an authorization code that has been issued to a different client...

9.8CVSS7.3AI score0.13836EPSS

9.8CVSS7.1AI score0.18671EPSS

jackson-databind: Serialization gadgets in ibatis-sqlmap

8.8CVSS7.1AI score0.02959EPSS

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.03577EPSS

jackson-databind: Serialization gadgets in org.springframework:spring-aop

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.05594EPSS

jackson-databind: Serialization gadgets in commons-jelly:commons-jelly

8.1CVSS7.1AI score0.04511EPSS

jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

RedHat Linux•added 2020/07/28 3:54 p.m.•0 views

jackson-databind: serialization in weblogic/oracle-aqjms

8.1CVSS7.1AI score0.04421EPSS

8.8CVSS7.1AI score0.03538EPSS

jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider

A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.1AI score0.04575EPSS

jackson-databind: Serialization gadgets in shaded-hikari-config

8.1CVSS7.1AI score0.08537EPSS

jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.07963EPSS

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

8.8CVSS7.1AI score0.03554EPSS

jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Exploits0References5

8.1CVSS7.1AI score0.08007EPSS

jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool

RedHat Linux•added 2020/07/28 3:54 p.m.•3 views

jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime

8.8CVSS7.1AI score0.06227EPSS

Exploits0References5

RedhatCVE•added 2020/07/28 1:38 p.m.•24 views

CVE-2020-14334

A flaw was found in Red Hat Satellite. An attacker could gain access to cache files further allowing access to cached credentials that could help the attacker to gain complete control of the Satellite instance. The highest threat from this vulnerability is to data confidentiality and integrity as...

4.6CVSS2.7AI score0.00315EPSS

Exploits0References3

RedHat Linux•added 2020/07/28 12:42 p.m.•1 views

postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML

A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity XXE weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability...

7.7CVSS5.8AI score0.04094EPSS