Filtered by vendor Oracle Subscriptions
Filtered by product Communications Diameter Signaling Router Subscriptions
Total 80 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-24750 4 Debian, Fasterxml, Oracle and 1 more 29 Debian Linux, Jackson-databind, Agile Plm and 26 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CVE-2020-24616 4 Debian, Fasterxml, Netapp and 1 more 25 Debian Linux, Jackson-databind, Active Iq Unified Manager and 22 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CVE-2020-17521 4 Apache, Netapp, Oracle and 1 more 24 Atlas, Groovy, Snapcenter and 21 more 2024-08-04 5.5 Medium
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
CVE-2020-14195 5 Debian, Fasterxml, Netapp and 2 more 17 Debian Linux, Jackson-databind, Active Iq Unified Manager and 14 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
CVE-2020-14061 5 Debian, Fasterxml, Netapp and 2 more 20 Debian Linux, Jackson-databind, Active Iq Unified Manager and 17 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
CVE-2020-14060 4 Fasterxml, Netapp, Oracle and 1 more 17 Jackson-databind, Active Iq Unified Manager, Steelstore Cloud Integrated Storage and 14 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
CVE-2020-14062 5 Debian, Fasterxml, Netapp and 2 more 18 Debian Linux, Jackson-databind, Active Iq Unified Manager and 15 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
CVE-2020-13920 4 Apache, Debian, Oracle and 1 more 7 Activemq, Debian Linux, Communications Diameter Signaling Router and 4 more 2024-08-04 5.9 Medium
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.
CVE-2020-12723 6 Fedoraproject, Netapp, Opensuse and 3 more 21 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 18 more 2024-08-04 7.5 High
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-11998 2 Apache, Oracle 7 Activemq, Communications Diameter Signaling Router, Communications Element Manager and 4 more 2024-08-04 9.8 Critical
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13
CVE-2020-11994 3 Apache, Oracle, Redhat 5 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 2 more 2024-08-04 7.5 High
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
CVE-2020-11972 3 Apache, Oracle, Redhat 5 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 2 more 2024-08-04 9.8 Critical
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVE-2020-11973 3 Apache, Oracle, Redhat 5 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 2 more 2024-08-04 9.8 Critical
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVE-2020-11971 3 Apache, Oracle, Redhat 6 Camel, Communications Diameter Intelligence Hub, Communications Diameter Signaling Router and 3 more 2024-08-04 7.5 High
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
CVE-2020-11619 5 Debian, Fasterxml, Netapp and 2 more 31 Debian Linux, Jackson-databind, Active Iq Unified Manager and 28 more 2024-08-04 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CVE-2020-11112 5 Debian, Fasterxml, Netapp and 2 more 39 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 36 more 2024-08-04 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CVE-2020-11113 5 Debian, Fasterxml, Netapp and 2 more 41 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 38 more 2024-08-04 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVE-2020-11111 5 Debian, Fasterxml, Netapp and 2 more 33 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 30 more 2024-08-04 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
CVE-2020-10968 5 Debian, Fasterxml, Netapp and 2 more 41 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 38 more 2024-08-04 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CVE-2020-10969 5 Debian, Fasterxml, Netapp and 2 more 41 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 38 more 2024-08-04 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.