本ページは oracle communications_contacts_server に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-2351 | Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Suc | [email protected] | 8.3 | 3.30% | 2021-07-21 | 2024-11-21 |
| CVE-2021-29425 | In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | [email protected] | 4.8 | 0.61% | 2021-04-13 | 2024-11-21 |
| CVE-2020-24750 | FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. | [email protected] | 8.1 | 2.00% | 2020-09-17 | 2024-11-21 |
| CVE-2020-24616 | FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). | [email protected] | 8.1 | 2.68% | 2020-08-25 | 2024-11-21 |
| CVE-2020-14195 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | [email protected] | 8.1 | 9.06% | 2020-06-16 | 2024-11-21 |
| CVE-2020-14060 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). | [email protected] | 8.1 | 8.72% | 2020-06-14 | 2026-04-29 |
| CVE-2020-14062 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). | [email protected] | 8.1 | 9.64% | 2020-06-14 | 2026-04-29 |
| CVE-2020-14061 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). | [email protected] | 8.1 | 6.15% | 2020-06-14 | 2025-08-27 |
| CVE-2020-11620 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). | [email protected] | 8.1 | 2.12% | 2020-04-07 | 2024-11-21 |
| CVE-2020-11619 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). | [email protected] | 8.1 | 1.33% | 2020-04-07 | 2026-04-29 |
| CVE-2020-11113 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). | [email protected] | 8.8 | 60.71% | 2020-03-31 | 2026-04-29 |
| CVE-2020-11112 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). | [email protected] | 8.8 | 6.77% | 2020-03-31 | 2026-04-29 |
| CVE-2020-11111 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). | [email protected] | 8.8 | 2.08% | 2020-03-31 | 2024-11-21 |
| CVE-2020-10969 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. | [email protected] | 8.8 | 1.03% | 2020-03-26 | 2024-11-21 |
| CVE-2020-10968 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). | [email protected] | 8.8 | 3.82% | 2020-03-26 | 2024-11-21 |
| CVE-2020-10673 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). | [email protected] | 8.8 | 20.47% | 2020-03-18 | 2024-11-21 |
| CVE-2020-10672 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). | [email protected] | 8.8 | 38.91% | 2020-03-18 | 2024-11-21 |
| CVE-2020-9548 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). | [email protected] | 9.8 | 62.02% | 2020-03-02 | 2024-11-21 |
| CVE-2020-9547 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). | [email protected] | 9.8 | 38.26% | 2020-03-02 | 2024-11-21 |
| CVE-2020-9546 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). | [email protected] | 9.8 | 2.33% | 2020-03-02 | 2026-04-29 |