20 matches found
CVE-2021-45105
Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...
CVE-2021-36374
CVE-2021-36374 affects Apache Ant and causes denial of service via memory allocation when parsing specially crafted ZIP-based archives (and derived formats such as JARs and certain Office files). The vulnerability stems from how Ant reads these archives, enabling large memory use and out-of-memor...
CVE-2021-37714
CVE-2021-37714 affects jsoup (Java HTML parser) versions prior to 1.14.2. When parsing untrusted HTML/XML, the parser may loop, slow down, or throw exceptions, enabling a denial-of-service condition. A fix is available in jsoup 1.14.2. Workarounds include rate-limiting parsing input, capping inpu...
CVE-2021-36090
CVE-2021-36090 affects Apache Commons Compress zip handling: reading a specially crafted ZIP can allocate excessive memory, causing an out-of-memory DoS. Supported details from IBM/AWS advisories point to a fix in Commons Compress (upgrade to 1.21+; e.g., Amazon Linux advisories list apache-commo...
CVE-2021-35515
CVE-2021-35515 is an infinite-loop denial-of-service in Apache Commons Compress when reading a crafted 7Z archive. The issue arises during the construction of the codecs list used to decompress an entry, potentially consuming unbounded CPU and impacting services that rely on the sevenz package. C...
CVE-2021-30129
CVE-2021-30129 affects Apache Mina SSHD's sshd-core; a crafted request can trigger an OutOfMemory DoS in the SFTP and port forwarding features. Remediation: upgrade to Apache Mina SSHD 2.7.0 (fix documented in the IBM PEM advisory referencing this CVE). If applying via IBM PEM, follow their patch...
CVE-2021-35517
CVE-2021-35517 affects Apache Commons Compress tar handling. The vulnerability, triggered by reading a specially crafted TAR archive, can cause Compress to allocate excessive memory, potentially leading to an out-of-memory condition and a denial-of-service against services using Compress’ tar pac...
CVE-2021-36373
CVE-2021-36373 is a denial-of-service in Apache Ant caused by reading a specially crafted TAR archive that can exhaust memory, leading to OOM during builds. The initial description notes that Ant versions affected include 1.9.16 and 1.10.11 and that a memory exhaustion can disrupt builds. Connect...
CVE-2021-31811
CVE-2021-31811: Apache PDFBox 2.0.23 and earlier is vulnerable to an OutOfMemoryError when loading a crafted PDF. IBM/QRadar advisories confirm the issue and recommend upgrading PDFBox to v2.0.24 (via PJ46568 iFix/FIXPACK) or newer.
CVE-2022-21586
CVE-2022-21586 affects Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications, specifically version 14.5. The issue is exploitable with network access via HTTP by a low-privilege attacker and requires user interaction; successful attacks can lead to unauthorized c...
CVE-2022-21581
CVE-2022-21581 affects Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications, version 14.5. The vulnerability can be triggered by a low-privilege user with network access via HTTP, and exploitation requires user interaction. Successful attacks may lead to unautho...
CVE-2022-21584
Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications, affected version 14.5, is vulnerable due to what appears to be a design/logic issue. The CVE-2022-21584 entry notes network access via HTTP with low privileges and required user interaction, potentially allow...
CVE-2022-21583
Technical details about CVE-2022-21583 are not publicly available in the provided connected documents. Please monitor for updates from Oracle and security advisories for affected versions, impact, and fixes.
CVE-2022-21582
CVE-2022-21582 affects Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications, version 14.5. The vulnerability allows a low-privileged attacker with network access via HTTP to potentially access or modify critical data and cause partial DOS, with user interaction ...
CVE-2022-21585
CVE-2022-21585 affects Oracle Banking Trade Finance (Oracle Financial Services Applications), component Infrastructure, with vulnerable version 14.5. The vulnerability permits a low-privilege, network-accessible attacker (HTTP) to compromise data integrity/confidentiality and cause partial denial...
CVE-2023-22122
Oracle Banking Trade Finance (Infrastructure component) in Oracle Financial Services Applications, versions 14.5–14.7, is affected. The root cause is insufficient input validation in the Infrastructure layer, allowing a low-privileged attacker with HTTP network access to compromise the system, wi...
CVE-2023-22121
Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications is affected for versions 14.5–14.7. The vulnerability allows an unauthenticated attacker with network access via HTTP, after user interaction, to modify or read data (unauthorized update/insert/delete and read...
CVE-2023-22124
CVE-2023-22124 affects Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications, specifically versions 14.5–14.7. The issue stems from insufficient input validation in the Infrastructure component, enabling a low-privileged attacker who can reach the system over HTT...
CVE-2023-22123
CVE-2023-22123 affects Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications, specifically versions 14.5–14.7. Root cause: insufficient input validation allowing a low-privileged attacker with network access via HTTP to compromise the system. Impact includes unau...
CVE-2023-22125
Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications is affected for versions 14.5–14.7. The vulnerability arises from insufficient input validation, enabling a remote attacker with network access over HTTP and low privileges to access data with read, update, in...