Oracle

Jd Edwards Enterpriseone Tools

149 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2020-36187

Exploit
  • EPSS 2.15%
  • Veröffentlicht 06.01.2021 23:15:13
  • Zuletzt bearbeitet 21.11.2024 05:28:57

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

8.1

CVE-2020-36188

Exploit
  • EPSS 7.89%
  • Veröffentlicht 06.01.2021 23:15:13
  • Zuletzt bearbeitet 21.11.2024 05:28:57

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

8.1

CVE-2020-36189

Exploit
  • EPSS 3%
  • Veröffentlicht 06.01.2021 23:15:13
  • Zuletzt bearbeitet 21.11.2024 05:28:58

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.

8.1

CVE-2020-36181

Exploit
  • EPSS 5.41%
  • Veröffentlicht 06.01.2021 23:15:12
  • Zuletzt bearbeitet 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

8.1

CVE-2020-35728

  • EPSS 42.32%
  • Veröffentlicht 27.12.2020 05:15:11
  • Zuletzt bearbeitet 27.08.2025 21:15:36

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.js...

8.1

CVE-2020-28052

Exploit
  • EPSS 3.78%
  • Veröffentlicht 18.12.2020 01:15:12
  • Zuletzt bearbeitet 12.05.2025 17:37:16

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previous...

5.9

CVE-2020-1971

  • EPSS 0.34%
  • Veröffentlicht 08.12.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:45

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...

7.5

CVE-2020-25649

  • EPSS 0.02%
  • Veröffentlicht 03.12.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:20

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

5.3

CVE-2020-13956

  • EPSS 0.51%
  • Veröffentlicht 02.12.2020 17:15:14
  • Zuletzt bearbeitet 01.12.2025 16:15:48

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

7.5

CVE-2020-8277

  • EPSS 59.17%
  • Veröffentlicht 19.11.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:38:38

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number...