Lucene search

K
OracleFinancial Services Institutional Performance Analytics

16 matches found

CVE
CVE
added 2020/04/29 10:15 p.m.6921 views

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

6.9CVSS7.2AI score0.23711EPSS
CVE
CVE
added 2019/04/20 12:29 a.m.2190 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.02394EPSS
CVE
CVE
added 2020/03/02 4:15 a.m.462 views

CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).

9.8CVSS9.2AI score0.02206EPSS
CVE
CVE
added 2020/03/31 5:15 a.m.410 views

CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

8.8CVSS8.3AI score0.61746EPSS
CVE
CVE
added 2020/04/27 4:15 p.m.400 views

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

4.3CVSS6AI score0.00016EPSS
CVE
CVE
added 2020/03/18 10:15 p.m.372 views

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).

8.8CVSS8.3AI score0.4007EPSS
CVE
CVE
added 2020/03/26 1:15 p.m.355 views

CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).

8.8CVSS8.3AI score0.06632EPSS
CVE
CVE
added 2020/03/26 1:15 p.m.350 views

CVE-2020-10969

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

8.8CVSS8.3AI score0.01478EPSS
CVE
CVE
added 2020/03/31 5:15 a.m.350 views

CVE-2020-11111

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).

8.8CVSS8.3AI score0.02196EPSS
CVE
CVE
added 2020/03/18 10:15 p.m.343 views

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).

8.8CVSS8.3AI score0.20473EPSS
CVE
CVE
added 2020/03/31 5:15 a.m.326 views

CVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

8.8CVSS8.3AI score0.11418EPSS
CVE
CVE
added 2021/01/07 12:15 a.m.263 views

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.01957EPSS
CVE
CVE
added 2021/01/07 12:15 a.m.254 views

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.61296EPSS
CVE
CVE
added 2021/01/07 12:15 a.m.254 views

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.02121EPSS
CVE
CVE
added 2021/01/06 11:15 p.m.252 views

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

8.8CVSS7.7AI score0.05061EPSS
CVE
CVE
added 2021/01/06 11:15 p.m.246 views

CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.06306EPSS