Show filters
25 Total Results
Displaying 1-10 of 25
Sort by:
Attacker Value
Low

CVE-2019-11358

Disclosure Date: April 20, 2019 (last updated February 17, 2024)
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
6
1
Attacker Value
Moderate

CVE-2017-5715

Disclosure Date: January 04, 2018 (last updated November 26, 2024)
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Attack Vector: LocalPrivileges: LowUser Interaction: None
6
1
Attacker Value
Unknown

CVE-2020-24750

Disclosure Date: September 17, 2020 (last updated November 28, 2024)
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-24616

Disclosure Date: August 25, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-14195

Disclosure Date: June 16, 2020 (last updated November 28, 2024)
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-14060

Disclosure Date: June 14, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-14061

Disclosure Date: June 14, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-14062

Disclosure Date: June 14, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-11619

Disclosure Date: April 07, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-11112

Disclosure Date: March 31, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  Next >