Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Banking Supply Chain Finance Security Vulnerabilities - 2020

cve
cve

CVE-2019-12399

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, the...

7.5CVSS

7.3AI Score

0.001EPSS

2020-01-14 03:15 PM
91
2
cve
cve

CVE-2020-24616

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

8.1CVSS

7.7AI Score

0.012EPSS

2020-08-25 06:15 PM
159
9
cve
cve

CVE-2020-24750

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

8.1CVSS

7.7AI Score

0.007EPSS

2020-09-17 07:15 PM
221
4
cve
cve

CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is ...

8.8CVSS

8.5AI Score

0.974EPSS

2020-11-16 09:15 PM
254
13
cve
cve

CVE-2020-28052

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

8.1CVSS

7.7AI Score

0.004EPSS

2020-12-18 01:15 AM
273
13
cve
cve

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

8.1CVSS

7.7AI Score

0.007EPSS

2020-12-27 05:15 AM
231
19
cve
cve

CVE-2020-5413

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

9.8CVSS

9.3AI Score

0.003EPSS

2020-07-31 08:15 PM
93
cve
cve

CVE-2020-8203

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

7.4CVSS

6.9AI Score

0.017EPSS

2020-07-15 05:15 PM
232
4