Banking Extensibility Workbench Security Vulnerabilities and Issues — Banking Extensibility Workbench CVE List

Lucene search

OracleBanking Extensibility Workbench

20 matches found

CVE•added 2020/03/12 7:15 p.m.•771 views

CVE-2020-10531

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

8.8CVSS8.7AI score0.00538EPSS

CVE•added 2020/06/03 11:15 p.m.•669 views

CVE-2020-11080

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes th...

7.5CVSS6.5AI score0.00566EPSS

CVE•added 2019/07/26 12:15 a.m.•546 views

CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

9.1CVSS8.9AI score0.0341EPSS

CVE•added 2021/02/15 1:15 p.m.•464 views

CVE-2021-23337

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

7.2CVSS7.2AI score0.00551EPSS

CVE•added 2020/07/24 10:15 p.m.•366 views

CVE-2020-8174

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and

9.3CVSS8.1AI score0.01274EPSS

CVE•added 2020/12/18 1:15 a.m.•338 views

CVE-2020-28052

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

8.1CVSS7.7AI score0.0378EPSS

CVE•added 2020/07/15 5:15 p.m.•330 views

CVE-2020-8203

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

7.4CVSS6.9AI score0.02439EPSS

CVE•added 2020/12/27 5:15 a.m.•270 views

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

8.1CVSS7.7AI score0.39669EPSS

Web

CVE•added 2021/01/07 12:15 a.m.•268 views

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.01957EPSS

CVE•added 2021/01/07 12:15 a.m.•266 views

CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

8.1CVSS7.7AI score0.02421EPSS

CVE•added 2021/01/07 12:15 a.m.•259 views

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.02121EPSS

CVE•added 2021/01/06 11:15 p.m.•258 views

CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.

8.1CVSS7.7AI score0.01957EPSS

CVE•added 2021/01/06 11:15 p.m.•258 views

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

8.1CVSS7.7AI score0.0698EPSS

Web

CVE•added 2021/01/06 11:15 p.m.•257 views

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

8.8CVSS7.7AI score0.05061EPSS

Web

CVE•added 2021/01/06 11:15 p.m.•250 views

CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

8.8CVSS7.7AI score0.06306EPSS

CVE•added 2021/01/06 11:15 p.m.•247 views

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

8.1CVSS7.7AI score0.0221EPSS

CVE•added 2021/02/15 11:15 a.m.•244 views

CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

5.3CVSS6AI score0.00202EPSS

CVE•added 2021/01/06 11:15 p.m.•244 views

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

8.1CVSS7.7AI score0.02039EPSS

CVE•added 2020/06/08 2:15 p.m.•172 views

CVE-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and

7.4CVSS7.4AI score0.01016EPSS

CVE•added 2020/08/08 9:15 p.m.•142 views

CVE-2020-15824

In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.

8.8CVSS8.6AI score0.00026EPSS