Show filters
350 Total Results
Displaying 191-200 of 350
Sort by:
Attacker Value
Unknown
CVE-2020-24750
Disclosure Date: September 17, 2020 (last updated February 22, 2025)
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
0
Attacker Value
Unknown
CVE-2020-24616
Disclosure Date: August 25, 2020 (last updated February 22, 2025)
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
0
Attacker Value
Unknown
CVE-2020-11993
Disclosure Date: August 07, 2020 (last updated February 21, 2025)
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.
0
Attacker Value
Unknown
CVE-2020-13935
Disclosure Date: July 14, 2020 (last updated February 21, 2025)
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
0
Attacker Value
Unknown
CVE-2020-13934
Disclosure Date: July 14, 2020 (last updated February 21, 2025)
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
0
Attacker Value
Unknown
CVE-2020-14195
Disclosure Date: June 16, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
0
Attacker Value
Unknown
CVE-2020-14061
Disclosure Date: June 14, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
0
Attacker Value
Unknown
CVE-2020-11655
Disclosure Date: April 09, 2020 (last updated February 21, 2025)
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
0
Attacker Value
Unknown
CVE-2020-11620
Disclosure Date: April 07, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
0
Attacker Value
Unknown
CVE-2020-11619
Disclosure Date: April 07, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
0