CVE-2021-2351
- EPSS 3.54%
- Veröffentlicht 21.07.2021 15:15:21
- Zuletzt bearbeitet 21.11.2024 06:02:56
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracl...
CVE-2021-23017
- EPSS 76.12%
- Veröffentlicht 01.06.2021 13:15:07
- Zuletzt bearbeitet 21.11.2024 05:51:09
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2021-29425
- EPSS 0.48%
- Veröffentlicht 13.04.2021 07:15:12
- Zuletzt bearbeitet 21.11.2024 06:01:04
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but ...
CVE-2020-36183
- EPSS 2.72%
- Veröffentlicht 07.01.2021 00:15:15
- Zuletzt bearbeitet 21.11.2024 05:28:55
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CVE-2020-36182
- EPSS 2.51%
- Veröffentlicht 07.01.2021 00:15:14
- Zuletzt bearbeitet 21.11.2024 05:28:55
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36180
- EPSS 2.72%
- Veröffentlicht 07.01.2021 00:15:14
- Zuletzt bearbeitet 21.11.2024 05:28:54
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36179
- EPSS 61.3%
- Veröffentlicht 07.01.2021 00:15:14
- Zuletzt bearbeitet 21.11.2024 05:28:54
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36187
- EPSS 2.41%
- Veröffentlicht 06.01.2021 23:15:13
- Zuletzt bearbeitet 21.11.2024 05:28:57
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CVE-2020-36184
- EPSS 5.95%
- Veröffentlicht 06.01.2021 23:15:13
- Zuletzt bearbeitet 21.11.2024 05:28:56
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-36185
- EPSS 2.32%
- Veröffentlicht 06.01.2021 23:15:13
- Zuletzt bearbeitet 21.11.2024 05:28:56
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.