9 matches found
CVE-2022-22963
CVE-2022-22963 affects Spring Cloud Function: in versions 3.1.6, 3.2.2 and older unsupported releases, routing-expression using SpEL can be crafted by a user to trigger remote code execution and access local resources. The root cause is unsafe evaluation of SpEL within the HTTP request routing he...
CVE-2020-1945
This CVE (CVE-2020-1945) affects Apache Ant. Connected Arch Linux advisory ASA-202005-15 confirms the vulnerability exists in ant before version 1.10.8-1, where Ant uses java.io.tmpdir for several tasks and can leak sensitive information. The fixcrlf and replaceregexp tasks may copy files from th...
CVE-2020-8203
CVE-2020-8203 : Prototype pollution via lodash.zipObjectDeep in lodash versions before 4.17.20. The vulnerability allows modification of object prototypes, enabling attacker-controlled properties. IBM X-Force records this as a high-risk issue (CVSS~7.5; I/H, A/H; network driver with no user inter...
CVE-2020-24750
CVE-2020-24750 affects FasterXML jackson-databind 2.x prior to 2.9.10.6, where the interaction between serialization gadgets and typing is mishandled (CWE-502). This deserialization flaw could enable exploitation via untrusted data; the connected IBM/Cloudera doc confirms the CVE entry but does n...
CVE-2020-24616
The CVE-2020-24616 vulnerability affects FasterXML jackson-databind 2.x prior to 2.9.10.6, arising from the interaction between serialization gadgets and typing (related to br.com.anteros.dbcp.AnterosDBCPDataSource). Root cause is unsafe deserialization via Gadget chains in Jackson Databind. Impa...
CVE-2019-12399
CVE-2019-12399 affects Apache Kafka Connect: when Connect workers are configured with config providers and a connector uses an externalized secret variable within a substring of a configuration value, an attacker can request a cluster’s task configuration and receive the plaintext secret instead ...
CVE-2024-21285
Oracle Banking Liquidity Management (Oracle Financial Services Applications) is affected in version 14.5.0.12.0, specifically the Reports component. The issue allows a low-privilege, network-access attacker (HTTP) to compromise the system, with human interaction required, potentially resulting in...
CVE-2024-21281
CVE-2024-21281 affects Oracle Banking Liquidity Management (Infrastructure) in Oracle Financial Services Applications, specifically version 14.7.0.6.0. Affected component can be exploited by a high-privilege attacker with network access via HTTP; exploitation requires user interaction. Impact per...
CVE-2024-21284
CVE-2024-21284 affects Oracle Banking Liquidity Management (Oracle Financial Services Applications), component Reports, in version 14.5.0.12.0. The vulnerability can be exploited by a low-privileged attacker with HTTP network access, requiring user interaction, and can lead to takeover of the aff...