Lucene search

K

GoldenGate Security Vulnerabilities

cve
cve

CVE-2022-21551

Vulnerability in Oracle GoldenGate (component: Oracle GoldenGate). The supported version that is affected is 21c: prior to 21.7.0.0.0; 19c: prior to 19.1.0.0.220719. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle GoldenGate....

6.8CVSS

6.8AI Score

0.002EPSS

2022-07-19 10:15 PM
50
cve
cve

CVE-2022-21442

Vulnerability in Oracle GoldenGate (component: OGG Core Library). The supported version that is affected is Prior to 23.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GoldenGate executes to compromise Oracle GoldenGate. While the...

8.8CVSS

8.7AI Score

0.0004EPSS

2022-04-19 09:15 PM
62
cve
cve

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

7.5CVSS

9.1AI Score

0.975EPSS

2021-12-14 12:15 PM
783
In Wild
15
cve
cve

CVE-2021-3749

axios is vulnerable to Inefficient Regular Expression...

7.5CVSS

7.3AI Score

0.019EPSS

2021-08-31 11:15 AM
211
6
cve
cve

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option......

8.3CVSS

8.5AI Score

0.013EPSS

2021-07-21 03:15 PM
156
9
cve
cve

CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other...

7.7CVSS

6.3AI Score

0.52EPSS

2021-06-01 01:15 PM
5145
10
cve
cve

CVE-2021-26291

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository....

9.1CVSS

8.8AI Score

0.002EPSS

2021-04-23 03:15 PM
173
20
cve
cve

CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
225
7
cve
cve

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
221
6
cve
cve

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.004EPSS

2021-01-07 12:15 AM
222
16
cve
cve

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
224
12
cve
cve

CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
217
6
cve
cve

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
206
6
cve
cve

CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
210
7
cve
cve

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
211
5
cve
cve

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
202
7
cve
cve

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
212
6
cve
cve

CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
213
4
cve
cve

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in...

8.1CVSS

7.7AI Score

0.007EPSS

2020-12-27 05:15 AM
223
19
cve
cve

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data...

7.5CVSS

7.3AI Score

0.004EPSS

2020-12-03 05:15 PM
285
17
cve
cve

CVE-2020-5421

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path...

6.5CVSS

7.5AI Score

0.153EPSS

2020-09-19 04:15 AM
197
6
cve
cve

CVE-2020-14705

Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management). The supported version that is affected is Prior to 19.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the...

9.6CVSS

9AI Score

0.001EPSS

2020-07-15 06:15 PM
20
cve
cve

CVE-2020-3235

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input...

7.7CVSS

7.8AI Score

0.001EPSS

2020-06-03 06:15 PM
41
cve
cve

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and...

3.7CVSS

6AI Score

0.002EPSS

2020-04-27 04:15 PM
299
17
cve
cve

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping() or when...

9.8CVSS

9.5AI Score

0.025EPSS

2020-03-02 09:15 PM
116
cve
cve

CVE-2019-20330

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache...

9.8CVSS

9.2AI Score

0.006EPSS

2020-01-03 04:15 AM
305
4
cve
cve

CVE-2019-14862

There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating...

6.1CVSS

6.2AI Score

0.001EPSS

2020-01-02 03:15 PM
121
4
cve
cve

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

8.1CVSS

7.9AI Score

0.003EPSS

2019-12-18 08:15 PM
308
cve
cve

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS...

6.1CVSS

6AI Score

0.002EPSS

2019-11-08 03:15 PM
168
6
cve
cve

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an.....

9.8CVSS

9.2AI Score

0.007EPSS

2019-10-12 09:15 PM
282
4
cve
cve

CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to...

9.8CVSS

9.1AI Score

0.012EPSS

2019-10-07 12:15 AM
279
cve
cve

CVE-2019-16943

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an.....

9.8CVSS

9.3AI Score

0.004EPSS

2019-10-01 05:15 PM
215
3
cve
cve

CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can...

9.8CVSS

9.4AI Score

0.004EPSS

2019-10-01 05:15 PM
216
4
cve
cve

CVE-2019-3738

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared...

6.5CVSS

7.5AI Score

0.004EPSS

2019-09-18 11:15 PM
198
6
cve
cve

CVE-2019-3739

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA...

6.5CVSS

7.9AI Score

0.004EPSS

2019-09-18 11:15 PM
191
8
cve
cve

CVE-2019-3740

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA...

6.5CVSS

7.9AI Score

0.004EPSS

2019-09-18 11:15 PM
201
6
cve
cve

CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to...

9.8CVSS

9.3AI Score

0.004EPSS

2019-09-15 10:15 PM
233
cve
cve

CVE-2019-16335

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than...

9.8CVSS

9.3AI Score

0.004EPSS

2019-09-15 10:15 PM
177
cve
cve

CVE-2019-14439

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the...

7.5CVSS

8.4AI Score

0.001EPSS

2019-07-30 11:15 AM
103
cve
cve

CVE-2019-14379

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code...

9.8CVSS

9.7AI Score

0.006EPSS

2019-07-29 12:15 PM
197
4
cve
cve

CVE-2019-0201

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider....

5.9CVSS

5.8AI Score

0.001EPSS

2019-05-23 02:29 PM
147
4
cve
cve

CVE-2019-0222

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it...

7.5CVSS

7.4AI Score

0.006EPSS

2019-03-28 10:29 PM
152
5
cve
cve

CVE-2018-15769

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value.....

7.5CVSS

8.3AI Score

0.004EPSS

2018-11-16 09:29 PM
30
cve
cve

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller....

7.5CVSS

7.1AI Score

0.004EPSS

2018-10-18 10:29 PM
133
4
cve
cve

CVE-2018-2912

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle...

7.5CVSS

6.8AI Score

0.011EPSS

2018-10-17 01:31 AM
31
cve
cve

CVE-2018-2914

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle...

7.5CVSS

6.8AI Score

0.011EPSS

2018-10-17 01:31 AM
21
cve
cve

CVE-2018-2913

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Monitoring Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise...

10CVSS

9.1AI Score

0.028EPSS

2018-10-17 01:31 AM
43
cve
cve

CVE-2018-11058

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1...

9.8CVSS

9.1AI Score

0.006EPSS

2018-09-14 08:29 PM
69
cve
cve

CVE-2018-11056

RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed...

6.5CVSS

7.6AI Score

0.005EPSS

2018-08-31 06:29 PM
30
cve
cve

CVE-2018-11057

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA...

5.9CVSS

7.2AI Score

0.003EPSS

2018-08-31 06:29 PM
27
Total number of security vulnerabilities66