Filtered by vendor Oracle
Subscribe
Total
10081 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28500 | 3 Lodash, Oracle, Siemens | 19 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 16 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | |||||
| CVE-2020-28491 | 3 Fasterxml, Oracle, Quarkus | 3 Jackson-dataformats-binary, Weblogic Server, Quarkus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. | |||||
| CVE-2020-28469 | 2 Gulpjs, Oracle | 2 Glob-parent, Communications Cloud Native Core Policy | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator. | |||||
| CVE-2020-28196 | 4 Fedoraproject, Mit, Netapp and 1 more | 11 Fedora, Kerberos 5, Active Iq Unified Manager and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. | |||||
| CVE-2020-27845 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Outside In Technology and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. | |||||
| CVE-2020-27844 | 3 Debian, Oracle, Uclouvain | 3 Debian Linux, Outside In Technology, Openjpeg | 2024-11-21 | 8.3 HIGH | 7.8 HIGH |
| A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-27843 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Outside In Technology and 1 more | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. | |||||
| CVE-2020-27842 | 5 Debian, Fedoraproject, Oracle and 2 more | 11 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 8 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. | |||||
| CVE-2020-27841 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Outside In Technology and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. | |||||
| CVE-2020-27820 | 3 Fedoraproject, Linux, Oracle | 5 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 2 more | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver). | |||||
| CVE-2020-27783 | 6 Debian, Fedoraproject, Lxml and 3 more | 8 Debian Linux, Fedora, Lxml and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | |||||
| CVE-2020-27619 | 3 Fedoraproject, Oracle, Python | 3 Fedora, Communications Cloud Native Core Network Function Cloud Native Environment, Python | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | |||||
| CVE-2020-27223 | 5 Apache, Debian, Eclipse and 2 more | 16 Nifi, Solr, Spark and 13 more | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | |||||
| CVE-2020-27218 | 5 Apache, Debian, Eclipse and 2 more | 17 Kafka, Spark, Debian Linux and 14 more | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request. | |||||
| CVE-2020-27216 | 6 Apache, Debian, Eclipse and 3 more | 19 Beam, Debian Linux, Jetty and 16 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. | |||||
| CVE-2020-27193 | 2 Ckeditor, Oracle | 9 Ckeditor, Agile Plm, Application Express and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. | |||||
| CVE-2020-26870 | 4 Cure53, Debian, Microsoft and 1 more | 5 Dompurify, Debian Linux, Visual Studio 2017 and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. | |||||
| CVE-2020-26575 | 4 Debian, Fedoraproject, Oracle and 1 more | 5 Debian Linux, Fedora, Zfs Storage Appliance and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. | |||||
| CVE-2020-26422 | 2 Oracle, Wireshark | 2 Zfs Storage Appliance Kit, Wireshark | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2020-26421 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Zfs Storage Appliance Kit and 1 more | 2024-11-21 | 5.0 MEDIUM | 4.2 MEDIUM |
| Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |||||