Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Total 10697 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-4259 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.
CVE-2020-3909 2 Apple, Oracle 8 Icloud, Ipados, Iphone Os and 5 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
CVE-2020-3235 2 Cisco, Oracle 7 Catalyst 4503-e, Catalyst 4506-e, Catalyst 4507r\+e and 4 more 2026-06-17 6.3 MEDIUM 7.7 HIGH
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system.
CVE-2020-36518 4 Debian, Fasterxml, Netapp and 1 more 36 Debian Linux, Jackson-databind, Active Iq Unified Manager and 33 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2020-36242 3 Cryptography.io, Fedoraproject, Oracle 3 Cryptography, Fedora, Communications Cloud Native Core Network Function Cloud Native Environment 2026-06-17 6.4 MEDIUM 9.1 CRITICAL
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
CVE-2020-36189 4 Debian, Fasterxml, Netapp and 1 more 40 Debian Linux, Jackson-databind, Cloud Backup and 37 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVE-2020-36188 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CVE-2020-36187 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CVE-2020-36186 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CVE-2020-36185 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-36184 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-36183 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CVE-2020-36182 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36181 4 Debian, Fasterxml, Netapp and 1 more 44 Debian Linux, Jackson-databind, Service Level Manager and 41 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36180 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36179 4 Debian, Fasterxml, Netapp and 1 more 43 Debian Linux, Jackson-databind, Cloud Backup and 40 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-35728 4 Debian, Fasterxml, Netapp and 1 more 40 Debian Linux, Jackson-databind, Service Level Manager and 37 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
CVE-2020-35491 4 Debian, Fasterxml, Netapp and 1 more 26 Debian Linux, Jackson-databind, Service Level Manager and 23 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-35490 4 Debian, Fasterxml, Netapp and 1 more 25 Debian Linux, Jackson-databind, Service Level Manager and 22 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-35460 2 Mpxj, Oracle 2 Mpxj, Primavera Unifier 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.