- EPSS 93.33%
- Published 20.05.2020 19:15:09
- Last modified 21.11.2024 05:40:44
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the Persiste...
CVE-2020-1941
- EPSS 5.3%
- Published 14.05.2020 17:15:12
- Last modified 21.11.2024 05:11:39
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
CVE-2020-11973
- EPSS 8.42%
- Published 14.05.2020 17:15:12
- Last modified 21.11.2024 04:59:01
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVE-2020-11972
- EPSS 8.39%
- Published 14.05.2020 17:15:12
- Last modified 21.11.2024 04:59:01
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVE-2020-11971
- EPSS 9.7%
- Published 14.05.2020 17:15:12
- Last modified 21.11.2024 04:59:00
Apache Camel's JMX is vulnerable to a rebind flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 are affected. Users should upgrade to 3.2.0.
CVE-2020-1945
- EPSS 0.04%
- Published 14.05.2020 16:15:12
- Last modified 21.11.2024 05:11:42
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr...
CVE-2020-10683
- EPSS 6.96%
- Published 01.05.2020 19:15:12
- Last modified 21.11.2024 04:55:50
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...
CVE-2020-7067
- EPSS 9.98%
- Published 27.04.2020 21:15:14
- Last modified 21.11.2024 05:36:36
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers a...
CVE-2020-11619
- EPSS 1.73%
- Published 07.04.2020 23:15:12
- Last modified 21.11.2024 04:58:15
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CVE-2020-1954
- EPSS 0.11%
- Published 01.04.2020 21:15:14
- Last modified 21.11.2024 05:11:43
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the 'createMBServerConnectorFactory' property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to...