Oracle

Documaker

23 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2020-36188

Exploit
  • EPSS 8.16%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:57

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

8.1

CVE-2020-36187

Exploit
  • EPSS 2.41%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:57

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

8.1

CVE-2020-36185

Exploit
  • EPSS 2.32%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:56

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.

8.1

CVE-2020-36184

Exploit
  • EPSS 5.95%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:56

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

8.1

CVE-2020-36181

Exploit
  • EPSS 7.39%
  • Published 06.01.2021 23:15:12
  • Last modified 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

8.1

CVE-2020-35491

Exploit
  • EPSS 8.06%
  • Published 17.12.2020 19:15:14
  • Last modified 21.11.2024 05:27:24

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

8.1

CVE-2020-35490

Exploit
  • EPSS 5.58%
  • Published 17.12.2020 19:15:14
  • Last modified 21.11.2024 05:27:24

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

9.8

CVE-2020-10683

  • EPSS 1.96%
  • Published 01.05.2020 19:15:12
  • Last modified 21.11.2024 04:55:50

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...

5

CVE-2020-5258

Exploit
  • EPSS 1.99%
  • Published 10.03.2020 18:15:12
  • Last modified 21.11.2024 05:33:46

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker ...

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Published 08.11.2019 15:15:11
  • Last modified 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.