Lucene search

K

Financial Services Analytical Applications Infrastructure Security Vulnerabilities

cve
cve

CVE-2023-21901

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low...

7.4CVSS

7AI Score

0.0004EPSS

2024-01-16 10:15 PM
9
cve
cve

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it...

9.8CVSS

8.7AI Score

0.975EPSS

2022-04-01 11:15 PM
1743
In Wild
5
cve
cve

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local...

9.8CVSS

9.5AI Score

0.975EPSS

2022-04-01 11:15 PM
1216
In Wild
3
cve
cve

CVE-2022-24729

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a...

7.5CVSS

7.2AI Score

0.003EPSS

2022-03-16 05:15 PM
448
5
cve
cve

CVE-2022-24728

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

5.4CVSS

6AI Score

0.002EPSS

2022-03-16 04:15 PM
390
2
cve
cve

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested...

7.5CVSS

7.4AI Score

0.002EPSS

2022-03-11 07:15 AM
341
11
cve
cve

CVE-2022-23437

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present...

6.5CVSS

6.4AI Score

0.004EPSS

2022-01-24 03:15 PM
179
14
cve
cve

CVE-2021-35687

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Unified Metadata Manager). Supported versions that are affected are 8.0.7-8.1.1. Easily exploitable vulnerability allows unauthenticated attacker with....

5.3CVSS

4.7AI Score

0.001EPSS

2022-01-19 12:15 PM
28
cve
cve

CVE-2021-35686

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Unified Metadata Manager). Supported versions that are affected are 8.0.7-8.1.1. Easily exploitable vulnerability allows low privileged attacker with.....

4.3CVSS

3.7AI Score

0.001EPSS

2022-01-19 12:15 PM
29
cve
cve

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue...

5.9CVSS

7.5AI Score

0.966EPSS

2021-12-18 12:15 PM
751
In Wild
4
cve
cve

CVE-2021-38153

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS

6.4AI Score

0.002EPSS

2021-09-22 09:15 AM
135
5
cve
cve

CVE-2021-37695

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using...

7.3CVSS

5.6AI Score

0.002EPSS

2021-08-13 12:15 AM
234
2
cve
cve

CVE-2021-32809

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It...

5.4CVSS

5.6AI Score

0.002EPSS

2021-08-12 05:15 PM
287
2
cve
cve

CVE-2021-32808

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing.....

7.6CVSS

5.4AI Score

0.001EPSS

2021-08-12 05:15 PM
177
3
cve
cve

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option......

8.3CVSS

8.5AI Score

0.013EPSS

2021-07-21 03:15 PM
156
9
cve
cve

CVE-2021-36374

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives.....

5.5CVSS

5.7AI Score

0.001EPSS

2021-07-14 07:15 AM
496
11
cve
cve

CVE-2021-36373

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were...

5.5CVSS

5.9AI Score

0.001EPSS

2021-07-14 07:15 AM
188
9
cve
cve

CVE-2021-36090

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip...

7.5CVSS

7.4AI Score

0.01EPSS

2021-07-13 08:15 AM
291
13
cve
cve

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the...

7.8CVSS

7.5AI Score

0.0005EPSS

2021-05-27 03:15 PM
127
9
cve
cve

CVE-2021-26291

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository....

9.1CVSS

8.8AI Score

0.002EPSS

2021-04-23 03:15 PM
173
20
cve
cve

CVE-2021-2140

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rules Framework). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network.....

6.1CVSS

5.8AI Score

0.001EPSS

2021-04-22 10:15 PM
22
cve
cve

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path...

4.8CVSS

5.5AI Score

0.002EPSS

2021-04-13 07:15 AM
338
In Wild
26
cve
cve

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink...

6.5CVSS

6.6AI Score

0.002EPSS

2021-01-26 09:15 PM
561
4
cve
cve

CVE-2021-26271

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs...

6.5CVSS

6.6AI Score

0.001EPSS

2021-01-26 09:15 PM
479
3
cve
cve

CVE-2020-27193

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor...

6.1CVSS

5.9AI Score

0.003EPSS

2020-11-12 09:15 PM
98
2
cve
cve

CVE-2019-17566

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET...

7.5CVSS

8.2AI Score

0.002EPSS

2020-11-12 06:15 PM
221
cve
cve

CVE-2020-14824

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...

8.6CVSS

8AI Score

0.001EPSS

2020-10-21 03:15 PM
15
cve
cve

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

7.5CVSS

6.9AI Score

0.002EPSS

2020-10-01 08:15 PM
222
3
cve
cve

CVE-2020-5421

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path...

6.5CVSS

7.5AI Score

0.153EPSS

2020-09-19 04:15 AM
197
6
cve
cve

CVE-2020-14685

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network...

6.5CVSS

6.3AI Score

0.001EPSS

2020-07-15 06:15 PM
23
cve
cve

CVE-2020-14684

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...

4.3CVSS

3.8AI Score

0.001EPSS

2020-07-15 06:15 PM
22
cve
cve

CVE-2020-14662

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network...

6.3CVSS

5.9AI Score

0.001EPSS

2020-07-15 06:15 PM
19
cve
cve

CVE-2020-14605

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network...

6.5CVSS

6.3AI Score

0.001EPSS

2020-07-15 06:15 PM
19
cve
cve

CVE-2020-14615

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...

6.1CVSS

5.8AI Score

0.001EPSS

2020-07-15 06:15 PM
16
cve
cve

CVE-2020-14602

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network...

7.1CVSS

6.5AI Score

0.001EPSS

2020-07-15 06:15 PM
24
cve
cve

CVE-2020-14604

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...

5.3CVSS

4.7AI Score

0.001EPSS

2020-07-15 06:15 PM
21
cve
cve

CVE-2020-14601

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...

6.1CVSS

5.8AI Score

0.001EPSS

2020-07-15 06:15 PM
18
cve
cve

CVE-2020-14603

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...

5.3CVSS

4.7AI Score

0.001EPSS

2020-07-15 06:15 PM
15
cve
cve

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS

6.8AI Score

0.001EPSS

2020-05-14 04:15 PM
354
5
cve
cve

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses...

9.8CVSS

9.2AI Score

0.007EPSS

2020-05-01 07:15 PM
384
4
cve
cve

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery...

6.9CVSS

6.8AI Score

0.061EPSS

2020-04-29 10:15 PM
5346
In Wild
18
cve
cve

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and...

3.7CVSS

6AI Score

0.002EPSS

2020-04-27 04:15 PM
299
17
cve
cve

CVE-2020-2793

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerability allows low privileged attacker with network.....

7.1CVSS

6.3AI Score

0.001EPSS

2020-04-15 02:15 PM
20
cve
cve

CVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-31 05:15 AM
139
4
cve
cve

CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-31 05:15 AM
220
3
cve
cve

CVE-2020-10969

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-26 01:15 PM
164
3
cve
cve

CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-26 01:15 PM
164
3
cve
cve

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka...

8.8CVSS

8.3AI Score

0.011EPSS

2020-03-18 10:15 PM
175
3
cve
cve

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka...

8.8CVSS

8.3AI Score

0.011EPSS

2020-03-18 10:15 PM
222
3
cve
cve

CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded...

9.8CVSS

9.2AI Score

0.007EPSS

2020-03-02 04:15 AM
265
2
Total number of security vulnerabilities76