Oracle

Communications Offline Mediation Controller

37 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2020-36181

Exploit
  • EPSS 7.39%
  • Veröffentlicht 06.01.2021 23:15:12
  • Zuletzt bearbeitet 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

8.1

CVE-2020-35491

Exploit
  • EPSS 8.06%
  • Veröffentlicht 17.12.2020 19:15:14
  • Zuletzt bearbeitet 21.11.2024 05:27:24

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

8.1

CVE-2020-35490

Exploit
  • EPSS 5.58%
  • Veröffentlicht 17.12.2020 19:15:14
  • Zuletzt bearbeitet 21.11.2024 05:27:24

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

6.1

CVE-2020-27783

Exploit
  • EPSS 1.14%
  • Veröffentlicht 03.12.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:49

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbit...

7.5

CVE-2020-25649

  • EPSS 0.01%
  • Veröffentlicht 03.12.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:20

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

5.8

CVE-2020-27218

  • EPSS 0.6%
  • Veröffentlicht 28.11.2020 01:15:11
  • Zuletzt bearbeitet 21.11.2024 05:20:52

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if a...

7.5

CVE-2019-17566

  • EPSS 0.82%
  • Veröffentlicht 12.11.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:32:32

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make ...

7.5

CVE-2020-28196

  • EPSS 0.38%
  • Veröffentlicht 06.11.2020 08:15:13
  • Zuletzt bearbeitet 21.11.2024 05:22:27

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.

7

CVE-2020-27216

Exploit
  • EPSS 0.03%
  • Veröffentlicht 23.10.2020 13:15:16
  • Zuletzt bearbeitet 21.11.2024 05:20:52

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can obser...

7.5

CVE-2020-25648

  • EPSS 0.12%
  • Veröffentlicht 20.10.2020 22:15:43
  • Zuletzt bearbeitet 21.11.2024 05:18:20

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this ...