Oracle

Communications Services Gatekeeper

45 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2020-35490

Exploit
  • EPSS 5.58%
  • Published 17.12.2020 19:15:14
  • Last modified 21.11.2024 05:27:24

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

5.5

CVE-2020-17521

  • EPSS 0.36%
  • Published 07.12.2020 20:15:12
  • Last modified 21.11.2024 05:08:16

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operatin...

7.5

CVE-2020-25649

  • EPSS 0.01%
  • Published 03.12.2020 17:15:12
  • Last modified 21.11.2024 05:18:20

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

5.8

CVE-2020-27218

  • EPSS 0.6%
  • Published 28.11.2020 01:15:11
  • Last modified 21.11.2024 05:20:52

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if a...

7

CVE-2020-27216

Exploit
  • EPSS 0.03%
  • Published 23.10.2020 13:15:16
  • Last modified 21.11.2024 05:20:52

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can obser...

8.1

CVE-2020-24750

  • EPSS 2.11%
  • Published 17.09.2020 19:15:13
  • Last modified 21.11.2024 05:16:00

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

8.1

CVE-2020-24616

  • EPSS 3.78%
  • Published 25.08.2020 18:15:11
  • Last modified 21.11.2024 05:15:09

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

6.1

CVE-2020-11022

Exploit
  • EPSS 22.55%
  • Published 29.04.2020 22:15:11
  • Last modified 21.11.2024 04:56:36

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob...

6.1

CVE-2020-11023

Warning Exploit
  • EPSS 21.32%
  • Published 29.04.2020 21:15:11
  • Last modified 24.01.2025 02:00:02

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex...

4.3

CVE-2020-9488

  • EPSS 0.01%
  • Published 27.04.2020 16:15:12
  • Last modified 21.11.2024 05:40:45

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Lo...