CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

9.8CVSS7.1AI score0.18671EPSS

jackson-databind: Serialization gadgets in ibatis-sqlmap

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.1AI score0.18345EPSS

jackson-databind: Serialization gadgets in anteros-core

RedHat Linux•added 2020/04/16 7:46 p.m.•4 views

jackson-databind: Serialization gadgets in org.springframework:spring-aop

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.03577EPSS

RedHat Linux•added 2020/04/16 7:46 p.m.•1 views

jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.08537EPSS

RedHat Linux•added 2020/04/16 7:46 p.m.•3 views

jackson-databind: serialization in weblogic/oracle-aqjms

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.04421EPSS

8.1CVSS7.1AI score0.08007EPSS

jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool

9.8CVSS7.1AI score0.04575EPSS

jackson-databind: Serialization gadgets in shaded-hikari-config

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

RedhatCVE•added 2020/04/16 5:3 p.m.•38 views

CVE-2020-11565

An out-of-bounds write flaw was found in the Linux kernel. An empty nodelist in mempolicy.c is mishandled durig mount option parsing leading to a stack-based out-of-bounds write. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either n...

6CVSS6.7AI score0.00517EPSS

RedHat Linux•added 2020/04/16 2:42 p.m.•3 views

kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash

A null pointer dereference flaw was discovered in the Linux kernel's implementation of the ath10k USB device driver. The vulnerability requires the attacker to plug in a specially crafted hardware device that present endpoint descriptors that normal ath10k devices do not recognize. System...

7.8CVSS7.2AI score0.03771EPSS

RedHat Linux•added 2020/04/16 10:8 a.m.•2 views

Mozilla: Use-after-free while running the nsDocShell destructor

8.1CVSS7.2AI score0.02978EPSS

Exploits1References6

RedhatCVE•added 2020/04/16 7:3 a.m.•43 views

CVE-2019-20636

An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. The highest threat fro...

7.2CVSS1.6AI score0.00384EPSS

NVD•added 2020/04/15 2:15 p.m.•20 views

CVE-2020-2859

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: nVision. Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...

7.5CVSS7AI score0.01761EPSS

Exploits0References1

RedhatCVE•added 2020/04/14 7:25 p.m.•47 views

CVE-2019-14901

A heap overflow flaw was found in the Linux kernel's Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If cod...

10CVSS6AI score0.16908EPSS

RedHat Linux•added 2020/04/14 1:4 p.m.•0 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS

Exploits1References9

RedhatCVE•added 2020/04/14 4:35 a.m.•36 views

CVE-2020-1722

A flaw was found in IPA. When sending a very long password = 1,000,000 characters to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability...

5.4CVSS2.7AI score0.01047EPSS