CVE-2020-7226
- EPSS 3.33%
- Veröffentlicht 24.01.2020 15:15:14
- Zuletzt bearbeitet 21.11.2024 05:36:52
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted...
CVE-2020-5397
- EPSS 2.38%
- Veröffentlicht 17.01.2020 19:15:14
- Zuletzt bearbeitet 21.11.2024 05:34:03
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vul...
CVE-2020-5398
- EPSS 88.08%
- Veröffentlicht 17.01.2020 00:15:12
- Zuletzt bearbeitet 21.11.2024 05:34:04
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response...
CVE-2020-2549
- EPSS 1.94%
- Veröffentlicht 15.01.2020 17:15:17
- Zuletzt bearbeitet 21.11.2024 05:25:30
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network acce...
CVE-2020-2550
- EPSS 0.53%
- Veröffentlicht 15.01.2020 17:15:17
- Zuletzt bearbeitet 21.11.2024 05:25:30
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high...
CVE-2020-2551
- EPSS 93.17%
- Veröffentlicht 15.01.2020 17:15:17
- Zuletzt bearbeitet 27.10.2025 17:09:04
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unau...
CVE-2020-2552
- EPSS 0.83%
- Veröffentlicht 15.01.2020 17:15:17
- Zuletzt bearbeitet 21.11.2024 05:25:31
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker wit...
CVE-2020-2544
- EPSS 0.97%
- Veröffentlicht 15.01.2020 17:15:16
- Zuletzt bearbeitet 21.11.2024 05:25:29
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated ...
CVE-2020-2546
- EPSS 5.14%
- Veröffentlicht 15.01.2020 17:15:16
- Zuletzt bearbeitet 21.11.2024 05:25:29
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated a...
CVE-2020-2547
- EPSS 0.89%
- Veröffentlicht 15.01.2020 17:15:16
- Zuletzt bearbeitet 21.11.2024 05:25:30
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged ...