Filtered by vendor Oracle Subscriptions
Filtered by product Communications Network Charging And Control Subscriptions
Total 39 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-13434 8 Apple, Canonical, Debian and 5 more 16 Icloud, Ipados, Iphone Os and 13 more 2024-08-04 5.5 Medium
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2020-11656 5 Netapp, Oracle, Siemens and 2 more 12 Ontap Select Deploy Administration Utility, Communications Messaging Server, Communications Network Charging And Control and 9 more 2024-08-04 9.8 Critical
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVE-2020-11655 7 Canonical, Debian, Netapp and 4 more 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more 2024-08-04 7.5 High
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-11620 5 Debian, Fasterxml, Netapp and 2 more 26 Debian Linux, Jackson-databind, Active Iq Unified Manager and 23 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
CVE-2020-11619 5 Debian, Fasterxml, Netapp and 2 more 31 Debian Linux, Jackson-databind, Active Iq Unified Manager and 28 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CVE-2020-11112 5 Debian, Fasterxml, Netapp and 2 more 39 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 36 more 2024-08-04 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CVE-2020-11113 5 Debian, Fasterxml, Netapp and 2 more 41 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 38 more 2024-08-04 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVE-2020-11111 5 Debian, Fasterxml, Netapp and 2 more 33 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 30 more 2024-08-04 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
CVE-2020-10968 5 Debian, Fasterxml, Netapp and 2 more 41 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 38 more 2024-08-04 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CVE-2020-10969 5 Debian, Fasterxml, Netapp and 2 more 41 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 38 more 2024-08-04 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CVE-2020-10672 5 Debian, Fasterxml, Netapp and 2 more 40 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 37 more 2024-08-04 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
CVE-2020-10673 5 Debian, Fasterxml, Netapp and 2 more 40 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 37 more 2024-08-04 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
CVE-2020-9547 5 Debian, Fasterxml, Netapp and 2 more 27 Debian Linux, Jackson-databind, Active Iq Unified Manager and 24 more 2024-08-04 9.8 Critical
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
CVE-2020-9546 5 Debian, Fasterxml, Netapp and 2 more 41 Debian Linux, Jackson-databind, Active Iq Unified Manager and 38 more 2024-08-04 9.8 Critical
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
CVE-2020-9548 5 Debian, Fasterxml, Netapp and 2 more 35 Debian Linux, Jackson-databind, Active Iq Unified Manager and 32 more 2024-08-04 9.8 Critical
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
CVE-2020-9327 6 Canonical, Netapp, Oracle and 3 more 12 Ubuntu Linux, Cloud Backup, Communications Messaging Server and 9 more 2024-08-04 7.5 High
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVE-2021-45105 6 Apache, Debian, Netapp and 3 more 131 Log4j, Debian Linux, Cloud Manager and 128 more 2024-08-04 5.9 Medium
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CVE-2021-20227 2 Oracle, Sqlite 7 Communications Network Charging And Control, Enterprise Manager For Oracle Database, Jd Edwards Enterpriseone Tools and 4 more 2024-08-03 5.5 Medium
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
CVE-2021-2351 1 Oracle 111 Advanced Networking Option, Agile Engineering Data Management, Agile Plm and 108 more 2024-08-03 8.3 High
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).