Oracle

Communications Pricing Design Center

41 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.03%
  • Published 23.10.2020 13:15:16
  • Last modified 21.11.2024 05:20:52

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can obser...

  • EPSS 0.12%
  • Published 20.10.2020 22:15:43
  • Last modified 21.11.2024 05:18:20

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this ...

  • EPSS 2.11%
  • Published 17.09.2020 19:15:13
  • Last modified 21.11.2024 05:16:00

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

  • EPSS 3.78%
  • Published 25.08.2020 18:15:11
  • Last modified 21.11.2024 05:15:09

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

  • EPSS 0.11%
  • Published 05.06.2020 14:15:10
  • Last modified 21.11.2024 04:56:16

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

  • EPSS 3.94%
  • Published 05.06.2020 14:15:10
  • Last modified 21.11.2024 04:55:32

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

Exploit
  • EPSS 1.99%
  • Published 10.03.2020 18:15:12
  • Last modified 21.11.2024 05:33:46

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker ...

  • EPSS 1.67%
  • Published 08.11.2019 15:15:11
  • Last modified 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

  • EPSS 11.34%
  • Published 15.10.2019 14:15:12
  • Last modified 21.11.2024 04:31:50

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

  • EPSS 0.26%
  • Published 20.08.2019 21:15:12
  • Last modified 21.11.2024 04:18:22

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa...