Oracle

Agile Plm

70 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-13935

  • EPSS 92.02%
  • Published 14.07.2020 15:15:11
  • Last modified 21.11.2024 05:02:10

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with inv...

7.5

CVE-2020-13934

  • EPSS 23.38%
  • Published 14.07.2020 15:15:11
  • Last modified 21.11.2024 05:02:10

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException co...

8.1

CVE-2020-14195

  • EPSS 9.51%
  • Published 16.06.2020 16:15:11
  • Last modified 21.11.2024 05:02:50

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).

8.1

CVE-2020-14060

  • EPSS 8.72%
  • Published 14.06.2020 21:15:09
  • Last modified 21.11.2024 05:02:27

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).

8.1

CVE-2020-14062

  • EPSS 7.71%
  • Published 14.06.2020 20:15:10
  • Last modified 21.11.2024 05:02:28

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).

8.1

CVE-2020-14061

  • EPSS 6.15%
  • Published 14.06.2020 20:15:10
  • Last modified 27.08.2025 21:15:35

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, o...

7

CVE-2020-9484

  • EPSS 93.33%
  • Published 20.05.2020 19:15:09
  • Last modified 21.11.2024 05:40:44

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the Persiste...

9.8

CVE-2020-10683

  • EPSS 1.96%
  • Published 01.05.2020 19:15:12
  • Last modified 21.11.2024 04:55:50

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...

8.1

CVE-2020-11619

  • EPSS 1.73%
  • Published 07.04.2020 23:15:12
  • Last modified 21.11.2024 04:58:15

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).

8.8

CVE-2020-11111

  • EPSS 2.2%
  • Published 31.03.2020 05:15:13
  • Last modified 21.11.2024 04:56:48

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).