Lucene search

K
OracleBanking Trade Finance Process Management

14 matches found

CVE
CVE
added 2022/04/01 11:15 p.m.1439 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

9.8CVSS9.5AI score0.94474EPSS
CVE
CVE
added 2021/02/15 1:15 p.m.446 views

CVE-2021-23337

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

7.2CVSS7.2AI score0.00551EPSS
CVE
CVE
added 2021/02/08 8:15 p.m.416 views

CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multip...

6.2CVSS6.2AI score0.00016EPSS
CVE
CVE
added 2021/03/30 3:15 p.m.406 views

CVE-2021-21409

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-...

5.9CVSS6.5AI score0.04983EPSS
CVE
CVE
added 2021/05/28 9:15 p.m.387 views

CVE-2021-29505

XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to s...

8.8CVSS8.2AI score0.90769EPSS
CVE
CVE
added 2020/11/16 9:15 p.m.335 views

CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is ...

9.3CVSS8.2AI score0.93566EPSS
CVE
CVE
added 2020/07/15 5:15 p.m.316 views

CVE-2020-8203

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

7.4CVSS6.9AI score0.03276EPSS
CVE
CVE
added 2021/02/15 11:15 a.m.232 views

CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

5.3CVSS6AI score0.00275EPSS
CVE
CVE
added 2021/03/19 4:15 p.m.158 views

CVE-2021-27906

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5CVSS5.6AI score0.00331EPSS
CVE
CVE
added 2021/03/19 4:15 p.m.153 views

CVE-2021-27807

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5CVSS5.6AI score0.00331EPSS
CVE
CVE
added 2021/11/01 9:15 a.m.128 views

CVE-2021-41973

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

6.5CVSS6.4AI score0.01601EPSS
CVE
CVE
added 2019/04/17 3:29 p.m.123 views

CVE-2019-0228

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

9.8CVSS8.9AI score0.07835EPSS
CVE
CVE
added 2020/01/14 3:15 p.m.117 views

CVE-2019-12399

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, the...

7.5CVSS7.3AI score0.02829EPSS
CVE
CVE
added 2022/04/19 9:15 p.m.66 views

CVE-2022-21474

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Bankin...

5.9CVSS5.8AI score0.00243EPSS