Oracle

Communications Session Route Manager

74 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2020-28052

Exploit
  • EPSS 3.78%
  • Veröffentlicht 18.12.2020 01:15:12
  • Zuletzt bearbeitet 12.05.2025 17:37:16

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previous...

5.8

CVE-2020-27218

  • EPSS 0.6%
  • Veröffentlicht 28.11.2020 01:15:11
  • Zuletzt bearbeitet 21.11.2024 05:20:52

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if a...

8.1

CVE-2020-24750

  • EPSS 2.11%
  • Veröffentlicht 17.09.2020 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:16:00

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

9.8

CVE-2020-11998

  • EPSS 7.58%
  • Veröffentlicht 10.09.2020 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:59:05

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https:...

7.5

CVE-2020-9490

  • EPSS 75.82%
  • Veröffentlicht 07.08.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:45

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via ...

9.8

CVE-2020-11984

Exploit
  • EPSS 76.31%
  • Veröffentlicht 07.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:02

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

7.5

CVE-2020-11993

Exploit
  • EPSS 38.85%
  • Veröffentlicht 07.08.2020 16:15:11
  • Zuletzt bearbeitet 01.05.2025 15:40:19

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLev...

8.1

CVE-2020-14195

  • EPSS 9.51%
  • Veröffentlicht 16.06.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:50

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).

8.1

CVE-2020-14060

  • EPSS 8.72%
  • Veröffentlicht 14.06.2020 21:15:09
  • Zuletzt bearbeitet 21.11.2024 05:02:27

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).

8.1

CVE-2020-14062

  • EPSS 7.71%
  • Veröffentlicht 14.06.2020 20:15:10
  • Zuletzt bearbeitet 21.11.2024 05:02:28

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).