CVE-2020-36186
- EPSS 5.22%
- Veröffentlicht 06.01.2021 23:15:13
- Zuletzt bearbeitet 21.11.2024 05:28:56
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CVE-2020-36187
- EPSS 5.2%
- Veröffentlicht 06.01.2021 23:15:13
- Zuletzt bearbeitet 21.11.2024 05:28:57
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CVE-2020-36188
- EPSS 10.91%
- Veröffentlicht 06.01.2021 23:15:13
- Zuletzt bearbeitet 21.11.2024 05:28:57
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CVE-2020-36189
- EPSS 4.91%
- Veröffentlicht 06.01.2021 23:15:13
- Zuletzt bearbeitet 21.11.2024 05:28:58
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVE-2020-36181
- EPSS 5.02%
- Veröffentlicht 06.01.2021 23:15:12
- Zuletzt bearbeitet 21.11.2024 05:28:55
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-8265
- EPSS 9.01%
- Veröffentlicht 06.01.2021 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:38:37
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap ...
CVE-2020-8287
- EPSS 16.3%
- Veröffentlicht 06.01.2021 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:38:39
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This c...
CVE-2020-27842
- EPSS 1.44%
- Veröffentlicht 05.01.2021 18:15:14
- Zuletzt bearbeitet 21.11.2024 05:21:54
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
CVE-2020-27843
- EPSS 1.68%
- Veröffentlicht 05.01.2021 18:15:14
- Zuletzt bearbeitet 21.11.2024 05:21:55
A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system ...
CVE-2020-27844
- EPSS 1.33%
- Veröffentlicht 05.01.2021 18:15:14
- Zuletzt bearbeitet 21.11.2024 05:21:55
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerabili...