Filtered by vendor Oracle
Subscriptions
Filtered by product Jd Edwards Enterpriseone Tools
Subscriptions
Total
126 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-10086 | 6 Apache, Debian, Fedoraproject and 3 more | 73 Commons Beanutils, Nifi, Debian Linux and 70 more | 2024-08-04 | 7.3 High |
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. | ||||
CVE-2019-2564 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2024-08-04 | N/A |
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
CVE-2020-36182 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. | ||||
CVE-2020-36180 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. | ||||
CVE-2020-36189 | 5 Debian, Fasterxml, Netapp and 2 more | 42 Debian Linux, Jackson-databind, Cloud Backup and 39 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. | ||||
CVE-2020-36185 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. | ||||
CVE-2020-36186 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. | ||||
CVE-2020-36184 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. | ||||
CVE-2020-36183 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. | ||||
CVE-2020-36188 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. | ||||
CVE-2020-36181 | 5 Debian, Fasterxml, Netapp and 2 more | 46 Debian Linux, Jackson-databind, Service Level Manager and 43 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. | ||||
CVE-2020-36179 | 5 Debian, Fasterxml, Netapp and 2 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. | ||||
CVE-2020-36187 | 5 Debian, Fasterxml, Netapp and 2 more | 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. | ||||
CVE-2020-35728 | 5 Debian, Fasterxml, Netapp and 2 more | 42 Debian Linux, Jackson-databind, Service Level Manager and 39 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). | ||||
CVE-2020-28052 | 4 Apache, Bouncycastle, Oracle and 1 more | 26 Karaf, Legion-of-the-bouncy-castle-java-crytography-api, Banking Corporate Lending Process Management and 23 more | 2024-08-04 | 8.1 High |
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. | ||||
CVE-2020-27216 | 7 Apache, Debian, Eclipse and 4 more | 24 Beam, Debian Linux, Jetty and 21 more | 2024-08-04 | 7.0 High |
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. | ||||
CVE-2020-27193 | 2 Ckeditor, Oracle | 9 Ckeditor, Agile Plm, Application Express and 6 more | 2024-08-04 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. | ||||
CVE-2020-25649 | 7 Apache, Fasterxml, Fedoraproject and 4 more | 50 Iotdb, Jackson-databind, Fedora and 47 more | 2024-08-04 | 7.5 High |
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. | ||||
CVE-2020-25648 | 4 Fedoraproject, Mozilla, Oracle and 1 more | 7 Fedora, Network Security Services, Communications Offline Mediation Controller and 4 more | 2024-08-04 | 7.5 High |
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. | ||||
CVE-2020-13956 | 5 Apache, Netapp, Oracle and 2 more | 27 Httpclient, Active Iq Unified Manager, Snapcenter and 24 more | 2024-08-04 | 5.3 Medium |
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. |