Filtered by vendor Oracle Subscriptions
Filtered by product Communications Network Charging And Control Subscriptions
Total 39 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-15358 6 Apple, Canonical, Oracle and 3 more 17 Icloud, Ipados, Iphone Os and 14 more 2024-11-21 5.5 Medium
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
CVE-2020-13871 6 Debian, Fedoraproject, Netapp and 3 more 12 Debian Linux, Fedora, Cloud Backup and 9 more 2024-11-21 7.5 High
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVE-2020-13632 9 Brocade, Canonical, Debian and 6 more 14 Fabric Operating System, Ubuntu Linux, Debian Linux and 11 more 2024-11-21 5.5 Medium
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
CVE-2020-13631 9 Apple, Brocade, Canonical and 6 more 20 Icloud, Ipados, Iphone Os and 17 more 2024-11-21 5.5 Medium
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2020-13630 10 Apple, Brocade, Canonical and 7 more 21 Icloud, Ipados, Iphone Os and 18 more 2024-11-21 7.0 High
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CVE-2020-13434 8 Apple, Canonical, Debian and 5 more 16 Icloud, Ipados, Iphone Os and 13 more 2024-11-21 5.5 Medium
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2020-11656 5 Netapp, Oracle, Siemens and 2 more 12 Ontap Select Deploy Administration Utility, Communications Messaging Server, Communications Network Charging And Control and 9 more 2024-11-21 9.8 Critical
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVE-2020-11655 7 Canonical, Debian, Netapp and 4 more 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more 2024-11-21 7.5 High
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-11620 5 Debian, Fasterxml, Netapp and 2 more 26 Debian Linux, Jackson-databind, Active Iq Unified Manager and 23 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
CVE-2020-11619 5 Debian, Fasterxml, Netapp and 2 more 31 Debian Linux, Jackson-databind, Active Iq Unified Manager and 28 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CVE-2020-11113 5 Debian, Fasterxml, Netapp and 2 more 41 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 38 more 2024-11-21 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVE-2020-11112 5 Debian, Fasterxml, Netapp and 2 more 39 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 36 more 2024-11-21 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CVE-2020-11111 5 Debian, Fasterxml, Netapp and 2 more 33 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 30 more 2024-11-21 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
CVE-2020-10969 5 Debian, Fasterxml, Netapp and 2 more 41 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 38 more 2024-11-21 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CVE-2020-10968 5 Debian, Fasterxml, Netapp and 2 more 41 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 38 more 2024-11-21 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CVE-2020-10673 5 Debian, Fasterxml, Netapp and 2 more 40 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 37 more 2024-11-21 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
CVE-2020-10672 5 Debian, Fasterxml, Netapp and 2 more 40 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 37 more 2024-11-21 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
CVE-2019-20330 5 Debian, Fasterxml, Netapp and 2 more 40 Debian Linux, Jackson-databind, Active Iq Unified Manager and 37 more 2024-11-21 9.8 Critical
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVE-2019-10219 3 Netapp, Oracle, Redhat 199 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 196 more 2024-11-21 6.1 Medium
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.