Show filters
383 Total Results
Displaying 31-40 of 383
Sort by:
Attacker Value
Unknown
CVE-2020-10683
Disclosure Date: May 01, 2020 (last updated February 21, 2025)
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
0
Attacker Value
Unknown
CVE-2020-9488
Disclosure Date: April 27, 2020 (last updated February 21, 2025)
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
0
Attacker Value
Unknown
CVE-2020-11620
Disclosure Date: April 07, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
0
Attacker Value
Unknown
CVE-2020-11619
Disclosure Date: April 07, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
0
Attacker Value
Unknown
CVE-2020-11111
Disclosure Date: March 31, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
0
Attacker Value
Unknown
CVE-2020-11112
Disclosure Date: March 31, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
0
Attacker Value
Unknown
CVE-2020-11113
Disclosure Date: March 31, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
0
Attacker Value
Unknown
CVE-2020-10969
Disclosure Date: March 26, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
0
Attacker Value
Unknown
CVE-2020-10968
Disclosure Date: March 26, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
0
Attacker Value
Unknown
CVE-2020-6427
Disclosure Date: March 23, 2020 (last updated February 21, 2025)
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
0
