Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
OracleBanking Virtual Account Management14.2.0

30 matches found

CVE
CVEadded 2021/03/23 12:15 a.m.404 views

CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on thes...

9.1CVSS7.3AI score0.01358EPSS
CVE
CVEadded 2021/03/23 12:15 a.m.401 views

CVE-2021-21343

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on thes...

7.5CVSS7.1AI score0.00832EPSS
CVE
CVEadded 2021/03/23 12:15 a.m.354 views

CVE-2021-21344

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed...

9.8CVSS8AI score0.27692EPSS
CVE
CVEadded 2021/03/23 12:15 a.m.353 views

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the r...

9.1CVSS8.1AI score0.90494EPSS
CVE
CVEadded 2020/11/16 9:15 p.m.334 views

CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is ...

9.3CVSS8.2AI score0.93566EPSS
CVE
CVEadded 2021/03/23 12:15 a.m.329 views

CVE-2021-21346

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed...

9.8CVSS8.3AI score0.03899EPSS
CVE
CVEadded 2021/03/23 12:15 a.m.328 views

CVE-2021-21345

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who foll...

9.9CVSS7.8AI score0.85307EPSS
CVE
CVEadded 2020/12/18 1:15 a.m.325 views

CVE-2020-28052

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

8.1CVSS7.7AI score0.0378EPSS
CVE
CVEadded 2021/03/23 12:15 a.m.318 views

CVE-2021-21347

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed...

9.8CVSS8.3AI score0.02592EPSS
CVE
CVEadded 2020/07/15 5:15 p.m.316 views

CVE-2020-8203

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

7.4CVSS6.9AI score0.03276EPSS
CVE
CVEadded 2021/03/23 12:15 a.m.315 views

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affe...

8.6CVSS7.8AI score0.05816EPSS
CVE
CVEadded 2021/03/23 12:15 a.m.312 views

CVE-2021-21350

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup...

9.8CVSS8AI score0.08098EPSS
CVE
CVEadded 2021/03/23 12:15 a.m.300 views

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup X...

7.8CVSS7.2AI score0.00265EPSS
CVE
CVEadded 2020/12/27 5:15 a.m.264 views

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

8.1CVSS7.7AI score0.41431EPSS
CVE
CVEadded 2021/01/07 12:15 a.m.263 views

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.01957EPSS
CVE
CVEadded 2021/01/07 12:15 a.m.262 views

CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

8.1CVSS7.7AI score0.02421EPSS
CVE
CVEadded 2021/01/06 11:15 p.m.259 views

CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.

8.1CVSS7.7AI score0.02635EPSS
CVE
CVEadded 2021/01/07 12:15 a.m.254 views

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.61296EPSS
CVE
CVEadded 2021/01/07 12:15 a.m.254 views

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.02121EPSS
CVE
CVEadded 2021/01/06 11:15 p.m.253 views

CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.

8.1CVSS7.7AI score0.01957EPSS
CVE
CVEadded 2021/01/06 11:15 p.m.252 views

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

8.8CVSS7.7AI score0.05061EPSS
CVE
CVEadded 2021/01/06 11:15 p.m.251 views

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

8.1CVSS7.7AI score0.0698EPSS
CVE
CVEadded 2021/01/06 11:15 p.m.246 views

CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.06306EPSS
CVE
CVEadded 2021/01/06 11:15 p.m.242 views

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

8.1CVSS7.7AI score0.0221EPSS
CVE
CVEadded 2021/01/06 11:15 p.m.240 views

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

8.1CVSS7.7AI score0.02039EPSS
CVE
CVEadded 2020/12/17 7:15 p.m.230 views

CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

8.1CVSS7.7AI score0.06892EPSS
CVE
CVEadded 2020/12/17 7:15 p.m.222 views

CVE-2020-35490

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

8.1CVSS7.7AI score0.04749EPSS
CVE
CVEadded 2021/03/19 4:15 p.m.158 views

CVE-2021-27906

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5CVSS5.6AI score0.00331EPSS
CVE
CVEadded 2021/03/19 4:15 p.m.153 views

CVE-2021-27807

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5CVSS5.6AI score0.00331EPSS
CVE
CVEadded 2020/07/31 8:15 p.m.123 views

CVE-2020-5413

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

9.8CVSS9.4AI score0.02178EPSS