35 matches found
CVE-2021-45105
Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...
CVE-2018-10237
CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...
CVE-2019-13990
CVE-2019-13990 affects Terracotta Quartz Scheduler within Atlassian Jira Service Management Data Center/Server and related Oracle Fusion Middleware deployments, via XXE in the Terracotta Quartz Scheduler component when parsing a job description. The root cause is an XML External Entity condition ...
CVE-2021-36090
CVE-2021-36090 affects Apache Commons Compress zip handling: reading a specially crafted ZIP can allocate excessive memory, causing an out-of-memory DoS. Supported details from IBM/AWS advisories point to a fix in Commons Compress (upgrade to 1.21+; e.g., Amazon Linux advisories list apache-commo...
CVE-2019-12415
CVE-2019-12415 affects Apache POI up to version 4.1.0. The vulnerability arises when using the tool XSSFExportToXml to convert user-supplied Excel documents, allowing an attacker to read local filesystem or internal network resources via XML External Entity (XXE) processing. The Connected documen...
CVE-2021-35515
CVE-2021-35515 is an infinite-loop denial-of-service in Apache Commons Compress when reading a crafted 7Z archive. The issue arises during the construction of the codecs list used to decompress an entry, potentially consuming unbounded CPU and impacting services that rely on the sevenz package. C...
CVE-2021-30129
CVE-2021-30129 affects Apache Mina SSHD's sshd-core; a crafted request can trigger an OutOfMemory DoS in the SFTP and port forwarding features. Remediation: upgrade to Apache Mina SSHD 2.7.0 (fix documented in the IBM PEM advisory referencing this CVE). If applying via IBM PEM, follow their patch...
CVE-2021-35517
CVE-2021-35517 affects Apache Commons Compress tar handling. The vulnerability, triggered by reading a specially crafted TAR archive, can cause Compress to allocate excessive memory, potentially leading to an out-of-memory condition and a denial-of-service against services using Compress’ tar pac...
CVE-2019-12402
CVE-2019-12402 affects Apache Commons Compress 1.15–1.18, where the internal file-name encoding can loop infinitely and cause DoS when processing crafted archives. Connected docs show multiple vendors referencing this CVE in product advisories (e.g., Atlassian Confluence with dependency notes; IB...
CVE-2019-12399
CVE-2019-12399 affects Apache Kafka Connect: when Connect workers are configured with config providers and a connector uses an externalized secret variable within a substring of a configuration value, an attacker can request a cluster’s task configuration and receive the plaintext secret instead ...
CVE-2021-41973
CVE-2021-41973 affects Apache MINA, where a specially crafted HTTP request can cause the HTTP Header decoder to loop indefinitely, leading to a denial of service. The root cause is the decoder assuming headers begin at the buffer start and looping if extra data is present. Mitigation: upgrade MIN...
CVE-2022-21475
CVE-2022-21475 affects Oracle Banking Payments (Oracle Financial Services Applications, Infrastructure component) and is tied to version 14.5. The vulnerability allows a low-privilege, network-accessible attacker over HTTP to compromise data: unauthorized create/delete/modify access to critical d...
CVE-2020-2712
CVE-2020-2712 affects the Oracle Banking Payments component (Core) of Oracle Financial Services Applications. Affected supported versions are 14.1.0–14.3.0 . The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. The attack can res...
CVE-2018-3021
CVE-2018-3021 affects the Oracle Banking Payments component of Oracle Financial Services Applications (Payments Core). Affected versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability allows an unauthenticated attacker over HTTP to read a subset of Oracle Banking Payments data (...
CVE-2018-3022
CVE-2018-3022 affects Oracle Banking Payments (Payments Core) within Oracle Financial Services Applications. Affected versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability allows a low-privilege attacker with network access via HTTP to compromise the service, enabling a hang o...
CVE-2020-2710
Oracle Banking Payments (Oracle Financial Services Applications, Core) is affected in versions 14.1.0–14.3.0. A low-privilege, network-based attacker with HTTP access can compromise data confidentiality and integrity. CVSSv3.0 base score is 5.4 (C:L, I:L; A:N; PR:L; AV:N). The connected documents...
CVE-2018-2747
Oracle Financial Services Applications – Banking Corporate Lending Core module (versions 12.3.0, 12.4.0, 12.5.0 and 14.0.0) is affected by CVE-2018-2747. A low-privilege, network-accessible attacker via HTTP can access data in the Banking Corporate Lending component, leading to potential unauthor...
CVE-2018-2748
CVE-2018-2748 affects Oracle Banking Corporate Lending (Core module) within Oracle Financial Services Applications. Affected versions include 12.3.0, 12.4.0, 12.5.0 and 14.0.0. The vulnerability is exploitable over HTTP by an unauthenticated attacker and, per the description, requires user intera...
CVE-2018-3027
CVE-2018-3027 affects Oracle Banking Payments (Oracle Financial Services Applications, Payments Core) and targets multiple supported versions: 12.2.0, 12.3.0, 12.4.0, 12.5.0, and 14.1.0. The vulnerability enables a low-privilege attacker with network access over HTTP to compromise Oracle Banking ...
CVE-2018-2746
The CVE-2018-2746 entry refers to a vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (Core module). Affected are versions 12.3.0, 12.4.0, 12.5.0 and 14.0.0. The vulnerability can be exploited by a low-privileged attacker with network access...
CVE-2018-3024
CVE-2018-3024 affects Oracle Banking Payments (Payments Core) within Oracle Financial Services Applications. Affected supported versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability is exploitable by a low-privilege attacker with network access over HTTP, enabling unauthorized...
CVE-2018-3026
CVE-2018-3026 affects Oracle Banking Payments within Oracle Financial Services Applications (subcomponent: Payments Core). Vulnerable versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The issue allows a low-privilege attacker who can reach the service over HTTP, with user interaction, to po...
CVE-2020-2713
CVE-2020-2713 affects the Oracle Banking Payments product (Oracle Financial Services Applications), specifically the Core component, with affected versions 14.1.0–14.3.0. The vulnerability allows a low-privileged, network-accessible attacker (via HTTP) to compromise Oracle Banking Payments, poten...
CVE-2018-2708
CVE-2018-2708 affects the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Affected versions are 12.3.0 and 12.4.0. The vulnerability is described as difficult to exploit but allows a low-privileged attacker with network access via HTTP to...
CVE-2018-2749
CVE-2018-2749 : Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (Core module). Affected versions: 12.3.0, 12.4.0, 12.5.0, and 14.0.0. An attacker with network access via HTTP and low privileges can exploit this flaw, with user interaction ...
CVE-2018-2705
CVE-2018-2705 affects Oracle Banking Payments (Payments Core) in Oracle Financial Services Applications, with affected versions 12.3.0 and 12.4.0. The vulnerability is exploitable by a low-privilege attacker who has network access via HTTP and can compromise Oracle Banking Payments, potentially l...
CVE-2018-3023
CVE-2018-3023 affects Oracle Banking Payments (subcomponent: Payments Core) within Oracle Financial Services Applications. Affected supported versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability enables a low-privileged attacker with network access via HTTP to compromise Orac...
CVE-2020-2711
The CVE-2020-2711 entry concerns Oracle Banking Payments (Core) in Oracle Financial Services Applications. Affected versions are 14.1.0–14.3.0. The vulnerability is exploitable by a low-privilege actor over HTTP from the network, potentially leading to unauthorized access to data within Oracle Ba...
CVE-2020-2714
The CVE-2020-2714 entry concerns Oracle Banking Payments within Oracle Financial Services Applications (component: Core). Affected versions are 14.1.0–14.3.0. The vulnerability allows a low-privileged attacker with network access over HTTP to read data from Oracle Banking Payments, as described i...
CVE-2018-2704
CVE-2018-2704 affects the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). The vulnerability is present in supported versions 12.3.0 and 12.4.0 and is exploitable over the network via HTTP by a low-privileged attacker, potentially granting...
CVE-2018-3020
CVE-2018-3020 affects Oracle Banking Payments (Oracle Financial Services Applications), specifically the Payments Core subcomponent. Affected versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability is described as easily exploitable with network access over HTTP by a low-privile...
CVE-2018-3025
CVE-2018-3025 is a vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (Payments Core). Affected versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The flaw is exploitable by a low-privilege attacker over HTTP with network access, leading to poten...
CVE-2020-14896
The CVE-2020-14896 entry concerns Oracle Banking Payments (Core) in Oracle Financial Services Applications, affected in versions 14.1.0–14.4.0. The vulnerability allows a low-privilege, unauthenticated attacker over HTTP on the network to access sensitive data, with an impact described as data co...
CVE-2018-2896
CVE-2018-2896 affects the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent Payments Core). Affected supported versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability is exploitable by an unauthenticated attacker with network access via HT...
CVE-2023-21915
CVE-2023-21915 affects Oracle Banking Payments (Oracle Financial Services Applications), specifically the Book/Internal Transfer component, with affected versions 14.5–14.7. The vulnerability is described as insufficient input validation allowing a low-privilege, network-accessible attacker (via ...