CVEs (44)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
7Debian DrupalFedoraproject+4 more52Active Iq Unified Manager Application ExpressApplication Testing Suite+49 moreNov 7, 2025 Apr 29, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(),...Show more |
4Debian FasterxmlNetapp+1 more18Active Iq Unified Manager Banking PlatformCommunications Contacts Server+15 moreNov 21, 2024 Apr 7, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). |
4Debian FasterxmlNetapp+1 more21Active Iq Unified Manager Agile PlmBanking Platform+18 moreApr 29, 2026 Apr 7, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). |
4Debian FasterxmlNetapp+1 more32Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+29 moreApr 29, 2026 Mar 31, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). |
4Debian FasterxmlNetapp+1 more31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 moreApr 29, 2026 Mar 31, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). |
4Debian FasterxmlNetapp+1 more25Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+22 moreNov 21, 2024 Mar 31, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms)...Show more |
4Debian FasterxmlNetapp+1 more31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 moreNov 21, 2024 Mar 26, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. |
4Debian FasterxmlNetapp+1 more31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 moreNov 21, 2024 Mar 26, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). |
4Debian FasterxmlNetapp+1 more31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 moreNov 21, 2024 Mar 18, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). |
4Debian FasterxmlNetapp+1 more31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 moreNov 21, 2024 Mar 18, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jm...Show more |
4Debian FasterxmlNetapp+1 more25Active Iq Unified Manager Agile PlmAutovue For Agile Product Lifecycle Management+22 moreNov 21, 2024 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). |
4Debian FasterxmlNetapp+1 more16Active Iq Unified Manager Autovue For Agile Product Lifecycle ManagementBanking Platform+13 moreNov 21, 2024 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). |
4Debian FasterxmlNetapp+1 more31Active Iq Unified Manager Agile PlmAutovue For Agile Product Lifecycle Management+28 moreApr 29, 2026 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). |
4Debian FasterxmlNetapp+1 more30Active Iq Unified Manager Banking PlatformCommunications Billing And Revenue Management+27 moreNov 21, 2024 Jan 3, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. |
3Netapp OracleRedhat188Access Manager Active Iq Unified ManagerAgile Engineering Data Management+185 moreJul 7, 2025 Nov 8, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can r...Show more |
3Apache Connect2idOracle15Communications Cloud Native Core Security Edge Protection Proxy Communications Pricing Design CenterData Integrator+12 moreNov 21, 2024 Oct 15, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. |
5Debian FasterxmlNetapp+2 more22Banking Platform Communications Billing And Revenue ManagementCommunications Calendar Server+19 moreNov 21, 2024 Oct 12, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the se...Show more |
6Debian FasterxmlFedoraproject+3 more26Active Iq Unified Manager Banking PlatformCommunications Billing And Revenue Management+23 moreNov 21, 2024 Oct 1, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the se...Show more |
6Debian FasterxmlFedoraproject+3 more28Active Iq Unified Manager Banking PlatformCommunications Billing And Revenue Management+25 moreNov 21, 2024 Oct 1, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the se...Show more |
6Apache DebianFedoraproject+3 more60Agile Plm Agile Product Lifecycle Management Integration PackApplication Testing Suite+57 moreNov 21, 2024 Aug 20, 2019 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, howev...Show more |