Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Decision Manager Security Vulnerabilities - 2020

cve
cve

CVE-2019-14862

There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

6.1CVSS

6.2AI Score

0.001EPSS

2020-01-02 03:15 PM
135
4
cve
cve

CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

6.1CVSS

6.1AI Score

0.001EPSS

2020-01-02 03:15 PM
91
cve
cve

CVE-2019-14886

A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords...

6.5CVSS

6.3AI Score

0.001EPSS

2020-03-05 06:15 PM
67
4
cve
cve

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.

9.8CVSS

9.4AI Score

0.004EPSS

2020-03-02 05:15 PM
169
cve
cve

CVE-2019-14900

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unautho...

6.5CVSS

6.7AI Score

0.001EPSS

2020-07-06 07:15 PM
167
cve
cve

CVE-2020-1714

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code...

8.8CVSS

8.5AI Score

0.008EPSS

2020-05-13 07:15 PM
109
cve
cve

CVE-2020-1720

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue ...

6.5CVSS

6.5AI Score

0.001EPSS

2020-03-17 04:15 PM
383
2
cve
cve

CVE-2020-1748

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure ...

7.5CVSS

7.2AI Score

0.002EPSS

2020-09-16 04:15 PM
118