- EPSS 56.64%
- Veröffentlicht 20.05.2020 19:15:09
- Zuletzt bearbeitet 21.11.2024 05:40:44
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the Persiste...
CVE-2020-10683
- EPSS 7.27%
- Veröffentlicht 01.05.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:50
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...
CVE-2020-11619
- EPSS 3.61%
- Veröffentlicht 07.04.2020 23:15:12
- Zuletzt bearbeitet 29.04.2026 20:06:42
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CVE-2020-11112
- EPSS 3.58%
- Veröffentlicht 31.03.2020 05:15:13
- Zuletzt bearbeitet 29.04.2026 18:58:57
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CVE-2020-11111
- EPSS 3.49%
- Veröffentlicht 31.03.2020 05:15:13
- Zuletzt bearbeitet 21.11.2024 04:56:48
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
CVE-2020-11113
- EPSS 6.28%
- Veröffentlicht 31.03.2020 05:15:13
- Zuletzt bearbeitet 29.04.2026 20:05:54
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVE-2020-10969
- EPSS 3.47%
- Veröffentlicht 26.03.2020 13:15:13
- Zuletzt bearbeitet 21.11.2024 04:56:28
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CVE-2020-10968
- EPSS 3.54%
- Veröffentlicht 26.03.2020 13:15:12
- Zuletzt bearbeitet 21.11.2024 04:56:28
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CVE-2020-10673
- EPSS 7.96%
- Veröffentlicht 18.03.2020 22:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:49
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
CVE-2020-10672
- EPSS 2.96%
- Veröffentlicht 18.03.2020 22:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:49
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).