CVE-2020-11023
- EPSS 83.83%
- Veröffentlicht 29.04.2020 21:15:11
- Zuletzt bearbeitet 07.11.2025 19:32:52
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex...
CVE-2020-2733
- EPSS 18.65%
- Veröffentlicht 15.04.2020 14:15:22
- Zuletzt bearbeitet 21.11.2024 05:26:07
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network acc...
CVE-2020-11619
- EPSS 3.61%
- Veröffentlicht 07.04.2020 23:15:12
- Zuletzt bearbeitet 29.04.2026 20:06:42
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CVE-2020-11620
- EPSS 5.59%
- Veröffentlicht 07.04.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 04:58:15
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
CVE-2020-11111
- EPSS 3.49%
- Veröffentlicht 31.03.2020 05:15:13
- Zuletzt bearbeitet 21.11.2024 04:56:48
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
CVE-2020-11112
- EPSS 3.58%
- Veröffentlicht 31.03.2020 05:15:13
- Zuletzt bearbeitet 29.04.2026 18:58:57
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CVE-2020-11113
- EPSS 6.28%
- Veröffentlicht 31.03.2020 05:15:13
- Zuletzt bearbeitet 29.04.2026 20:05:54
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVE-2020-10969
- EPSS 3.47%
- Veröffentlicht 26.03.2020 13:15:13
- Zuletzt bearbeitet 21.11.2024 04:56:28
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CVE-2020-10968
- EPSS 3.54%
- Veröffentlicht 26.03.2020 13:15:12
- Zuletzt bearbeitet 21.11.2024 04:56:28
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CVE-2020-10672
- EPSS 2.96%
- Veröffentlicht 18.03.2020 22:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:49
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).