Filtered by vendor Oracle Subscriptions
Filtered by product Communications Cloud Native Core Policy Subscriptions
Total 125 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-9735 3 Debian, Eclipse, Oracle 7 Debian Linux, Jetty, Communications Cloud Native Core Policy and 4 more 2024-08-05 7.5 High
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
CVE-2019-20916 5 Debian, Opensuse, Oracle and 2 more 7 Debian Linux, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more 2024-08-05 7.5 High
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
CVE-2019-18276 4 Gnu, Netapp, Oracle and 1 more 6 Bash, Hci Management Node, Oncommand Unified Manager and 3 more 2024-08-05 7.8 High
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.
CVE-2019-12399 3 Apache, Oracle, Redhat 14 Kafka, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 11 more 2024-08-04 7.5 High
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.
CVE-2019-10219 3 Netapp, Oracle, Redhat 199 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 196 more 2024-08-04 6.1 Medium
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVE-2019-10086 6 Apache, Debian, Fedoraproject and 3 more 73 Commons Beanutils, Nifi, Debian Linux and 70 more 2024-08-04 7.3 High
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
CVE-2019-3799 2 Oracle, Vmware 2 Communications Cloud Native Core Policy, Spring Cloud Config 2024-08-04 6.5 Medium
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
CVE-2020-36182 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36180 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36189 5 Debian, Fasterxml, Netapp and 2 more 42 Debian Linux, Jackson-databind, Cloud Backup and 39 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVE-2020-36185 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-36186 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CVE-2020-36184 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-36183 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CVE-2020-36188 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CVE-2020-36181 5 Debian, Fasterxml, Netapp and 2 more 46 Debian Linux, Jackson-databind, Service Level Manager and 43 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36179 5 Debian, Fasterxml, Netapp and 2 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36187 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CVE-2020-35728 5 Debian, Fasterxml, Netapp and 2 more 42 Debian Linux, Jackson-databind, Service Level Manager and 39 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
CVE-2020-35491 5 Debian, Fasterxml, Netapp and 2 more 28 Debian Linux, Jackson-databind, Service Level Manager and 25 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.