Oracle

Communications Diameter Signaling Router

80 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7

CVE-2020-9484

  • EPSS 93.33%
  • Published 20.05.2020 19:15:09
  • Last modified 21.11.2024 05:40:44

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the Persiste...

6.1

CVE-2020-1941

  • EPSS 5.3%
  • Published 14.05.2020 17:15:12
  • Last modified 21.11.2024 05:11:39

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

9.8

CVE-2020-11973

  • EPSS 8.42%
  • Published 14.05.2020 17:15:12
  • Last modified 21.11.2024 04:59:01

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

9.8

CVE-2020-11972

  • EPSS 8.39%
  • Published 14.05.2020 17:15:12
  • Last modified 21.11.2024 04:59:01

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

7.5

CVE-2020-11971

  • EPSS 2.05%
  • Published 14.05.2020 17:15:12
  • Last modified 21.11.2024 04:59:00

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.

6.3

CVE-2020-1945

  • EPSS 0.02%
  • Published 14.05.2020 16:15:12
  • Last modified 21.11.2024 05:11:42

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr...

9.8

CVE-2020-10683

  • EPSS 1.96%
  • Published 01.05.2020 19:15:12
  • Last modified 21.11.2024 04:55:50

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...

7.5

CVE-2020-7067

Exploit
  • EPSS 9.98%
  • Published 27.04.2020 21:15:14
  • Last modified 21.11.2024 05:36:36

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers a...

8.1

CVE-2020-11619

  • EPSS 1.73%
  • Published 07.04.2020 23:15:12
  • Last modified 21.11.2024 04:58:15

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).

5.3

CVE-2020-1954

  • EPSS 0.1%
  • Published 01.04.2020 21:15:14
  • Last modified 21.11.2024 05:11:43

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to...