Lucene search
+L
OracleBanking Party Management

16 matches found

CVE
CVE
added 2021/12/18 11:55 a.m.1190 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2021/01/26 8:39 p.m.648 views

CVE-2021-26272

CVE-2021-26272 is a ReDoS in CKEditor 4 Autolink: by pasting crafted URL-like text and pressing Enter/Space, a victim can trigger a denial-of-service. The publicly documented detail confirms CKEditor 4.x up to before 4.16 is affected; remediation is to upgrade to CKEditor 4.16+ or apply a fix as ...

6.5CVSS6.6AI score0.02223EPSS
CVE
CVE
added 2021/04/13 6:50 a.m.636 views

CVE-2021-29425

CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...

5.8CVSS6.7AI score0.10608EPSS
In wild
CVE
CVE
added 2021/03/10 8:0 a.m.547 views

CVE-2020-13936

CVE-2020-13936 affects Apache Velocity, where modifying Velocity templates can bypass the sandbox and allow remote code execution with the container’s privileges. Engine versions affected include up to 2.2; IBM and related advisories flag this as a Velocity sandbox bypass leading to arbitrary cod...

9CVSS8.9AI score0.22709EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.402 views

CVE-2021-36090

CVE-2021-36090 affects Apache Commons Compress zip handling: reading a specially crafted ZIP can allocate excessive memory, causing an out-of-memory DoS. Supported details from IBM/AWS advisories point to a fix in Commons Compress (upgrade to 1.21+; e.g., Amazon Linux advisories list apache-commo...

7.5CVSS7.5AI score0.12945EPSS
CVE
CVE
added 2021/08/12 5:10 p.m.391 views

CVE-2021-32809

CVE-2021-32809 concerns CKEditor 4’s Clipboard functionality. Affected: CKEditor 4, Clipboard plugin, version >= 4.5.2. Root cause: HTML injected via malformed paste content could be executed within the editor’s context. Impact: potential HTML injection into the editor content (code injection ...

5.4CVSS5.8AI score0.01188EPSS
CVE
CVE
added 2022/01/24 12:0 a.m.389 views

CVE-2022-23437

Technical specifics for CVE-2022-23437 (Xerces-J infinite loop in XML parsing) are not disclosed in the provided connected documents. Monitor for vendor/maintainer updates; current entries reference the issue but do not provide detailed root-cause, affected versions beyond 2.12.1, or fixes.

7.1CVSS6.6AI score0.0444EPSS
CVE
CVE
added 2021/12/09 12:0 a.m.351 views

CVE-2021-43797

CVE-2021-43797 : Netty prior to 4.1.71.Final fails to validate control chars at the start/end of header names, allowing HTTP request smuggling via crafted transfer-encoding/headers. This can enable the proxy to sanitize header names and forward malformed requests to remote systems that may not re...

6.5CVSS7.8AI score0.02682EPSS
CVE
CVE
added 2021/08/12 11:10 p.m.337 views

CVE-2021-37695

CKEditor 4 vulnerability CVE-2021-37695 involves the Fake Objects addon. The issue allows injection of malformed Fake Objects HTML that can lead to JavaScript execution in affected CKEditor 4 plugins when used at versions prior to 4.16.2. Public references in connected documents confirm the affec...

7.3CVSS6AI score0.01324EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.326 views

CVE-2021-35515

CVE-2021-35515 is an infinite-loop denial-of-service in Apache Commons Compress when reading a crafted 7Z archive. The issue arises during the construction of the codecs list used to decompress an entry, potentially consuming unbounded CPU and impacting services that rely on the sevenz package. C...

7.5CVSS7.2AI score0.11567EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.318 views

CVE-2021-35517

CVE-2021-35517 affects Apache Commons Compress tar handling. The vulnerability, triggered by reading a specially crafted TAR archive, can cause Compress to allocate excessive memory, potentially leading to an out-of-memory condition and a denial-of-service against services using Compress’ tar pac...

7.5CVSS7.5AI score0.10614EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.299 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.299 views

CVE-2021-35516

CVE-2021-35516 affects Apache Commons Compress (the sevenz package). A specially crafted 7Z archive can cause the library to allocate excessive memory, ultimately causing an out-of-memory condition and a denial-of-service on services that use Compress’ sevenz component. The initial description do...

7.5CVSS7.3AI score0.12365EPSS
CVE
CVE
added 2021/08/12 4:25 p.m.275 views

CVE-2021-32808

CKEditor 4.x clipboard Widget plugin vulnerability (CVE-2021-32808) arises from improper validation of widget HTML when used with the undo feature, allowing a remote attacker to trigger JavaScript execution in the victim’s browser. Affected: CKEditor 4 plugins with version >= 4.13.0. Remediati...

7.6CVSS6.1AI score0.01192EPSS
CVE
CVE
added 2020/11/12 8:31 p.m.165 views

CVE-2020-27193

CVE-2020-27193 is an XSS in CKEditor 4.15.0 Color Dialog. A remote attacker can lure a user to paste crafted HTML into the editor, causing script execution in the user’s browser. The vulnerability is addressed by CKEditor 4.15.1 security patch; IBM/OSS bulletins also reference the fix. Affected p...

6.1CVSS5.9AI score0.02018EPSS
CVE
CVE
added 2021/07/19 2:53 p.m.135 views

CVE-2021-35043

CVE-2021-35043 affects OWASP AntiSamy prior to 1.6.4. The issue is a cross-site scripting (XSS) flaw in the HTML output serializer where HTML attributes can be exploited, demonstrated by a javascript: URL substituted via &#00058 for the colon character. The vulnerability is documented in OSV (GHS...

6.1CVSS5.9AI score0.01513EPSS