Lucene search
K
OracleBanking Treasury Management

29 matches found

CVE
CVE
added 2021/12/18 11:55 a.m.1185 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2020/12/03 4:16 p.m.614 views

CVE-2020-25649

The CVE-2020-25649 entry concerns a flaw in FasterXML Jackson Databind where entity expansion was not properly secured, enabling XML External Entity (XXE) attacks. This is a data-integrity risk. Connected advisories consistently associate the issue with Jackson Databind and XXE, and several sourc...

7.5CVSS7.3AI score0.17611EPSS
CVE
CVE
added 2021/07/14 6:20 a.m.584 views

CVE-2021-36374

CVE-2021-36374 affects Apache Ant and causes denial of service via memory allocation when parsing specially crafted ZIP-based archives (and derived formats such as JARs and certain Office files). The vulnerability stems from how Ant reads these archives, enabling large memory use and out-of-memor...

5.5CVSS6.2AI score0.0262EPSS
CVE
CVE
added 2021/08/18 3:10 p.m.539 views

CVE-2021-37714

CVE-2021-37714 affects jsoup (Java HTML parser) versions prior to 1.14.2. When parsing untrusted HTML/XML, the parser may loop, slow down, or throw exceptions, enabling a denial-of-service condition. A fix is available in jsoup 1.14.2. Workarounds include rate-limiting parsing input, capping inpu...

7.5CVSS7.3AI score0.06873EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.400 views

CVE-2021-36090

CVE-2021-36090 affects Apache Commons Compress zip handling: reading a specially crafted ZIP can allocate excessive memory, causing an out-of-memory DoS. Supported details from IBM/AWS advisories point to a fix in Commons Compress (upgrade to 1.21+; e.g., Amazon Linux advisories list apache-commo...

7.5CVSS7.5AI score0.13292EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.324 views

CVE-2021-35515

CVE-2021-35515 is an infinite-loop denial-of-service in Apache Commons Compress when reading a crafted 7Z archive. The issue arises during the construction of the codecs list used to decompress an entry, potentially consuming unbounded CPU and impacting services that rely on the sevenz package. C...

7.5CVSS7.2AI score0.11879EPSS
CVE
CVE
added 2021/07/12 12:10 p.m.323 views

CVE-2021-30129

CVE-2021-30129 affects Apache Mina SSHD's sshd-core; a crafted request can trigger an OutOfMemory DoS in the SFTP and port forwarding features. Remediation: upgrade to Apache Mina SSHD 2.7.0 (fix documented in the IBM PEM advisory referencing this CVE). If applying via IBM PEM, follow their patch...

6.5CVSS6.9AI score0.03394EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.317 views

CVE-2021-35517

CVE-2021-35517 affects Apache Commons Compress tar handling. The vulnerability, triggered by reading a specially crafted TAR archive, can cause Compress to allocate excessive memory, potentially leading to an out-of-memory condition and a denial-of-service against services using Compress’ tar pac...

7.5CVSS7.5AI score0.10901EPSS
CVE
CVE
added 2020/10/01 7:24 p.m.315 views

CVE-2020-11979

CVE-2020-11979 affects Apache Ant 1.10.8. The mitigation for CVE-2020-1945 changed temp-file permissions, but the fixcrlf task deleted the temp file and recreated it without protection, enabling an attacker to inject modified source files during builds. Connected advisories confirm the issue and ...

7.5CVSS6.9AI score0.08235EPSS
CVE
CVE
added 2020/12/27 4:32 a.m.309 views

CVE-2020-35728

CVE-2020-35728 affects FasterXML jackson-databind 2.x prior to 2.9.10.8, where improper interaction between serialization gadgets and typing (related to embedded Xalan/JNDIConnectionPool) is described. The IBM bulletin (CVE list) confirms this vulnerability and its description, but does not provi...

8.1CVSS7.7AI score0.12504EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.306 views

CVE-2020-36180

The connected documents confirm CVE-2020-36180 affects FasterXML jackson-databind 2.x before 2.9.10.8, due to mishandling of interaction between serialization gadgets and typing, specifically involving DriverAdapterCPDS in org.apache.commons.dbcp2.cpdsadapter (and related CPDS drivers). A public ...

8.8CVSS7.7AI score0.05041EPSS
CVE
CVE
added 2021/07/14 6:20 a.m.300 views

CVE-2021-36373

CVE-2021-36373 is a denial-of-service in Apache Ant caused by reading a specially crafted TAR archive that can exhaust memory, leading to OOM during builds. The initial description notes that Ant versions affected include 1.9.16 and 1.10.11 and that a memory exhaustion can disrupt builds. Connect...

5.5CVSS6.1AI score0.02511EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.294 views

CVE-2020-36179

CVE-2020-36179 affects FasterXML Jackson Databind (2.x) prior to 2.9.10.8, where the interaction between serialization gadgets and typing (notably involving DriverAdapterCPDS variants) is mishandled. Several connected advisories corroborate an insecure-deserialization pattern that can be triggere...

8.8CVSS7.7AI score0.20929EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.291 views

CVE-2020-36182

CVE-2020-36182 affects FasterXML jackson-databind 2.x before 2.9.10.8, due to mishandling of serialization gadgets and typing involving DriverAdapterCPDS (org.apache.tomcat.dbcp.dbcp2.cpdsadapter). Do not speculate on exploitability beyond what is stated; some sources (e.g., Debian LTS advisory) ...

8.8CVSS7.7AI score0.05018EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.291 views

CVE-2020-36183

CVE-2020-36183 affects FasterXML jackson-databind 2.x prior to 2.9.10.8, due to mishandling of interaction between serialization gadgets and typing (JNDIConnectionPool gadget chain). Reported in IBM/X-Force and mirrored in Astra Linux bulletin; impact can be high (deserialization-based). Affected...

8.1CVSS7.7AI score0.0489EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.290 views

CVE-2020-36189

CVE-2020-36189 affects FasterXML jackson-databind 2.x before 2.9.10.8. The issue is a deserialization/serialization typing interaction with gadgets (e.g., logback, MySQL/commons proxies) that can lead to arbitrary code execution, data exfiltration or integrity/availability impacts as described in...

8.1CVSS7.7AI score0.04912EPSS
CVE
CVE
added 2021/01/06 10:30 p.m.289 views

CVE-2020-36184

CVE-2020-36184 affects FasterXML jackson-databind 2.x before 2.9.10.8. The connected documents describe a vulnerability arising from the interaction between serialization gadgets and typing, tied to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource (and related datasource classes). T...

8.8CVSS7.7AI score0.10379EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.286 views

CVE-2020-36185

CVE-2020-36185 is a Jackson Databind v2.x vulnerability (pre-2.9.10.8) where deserialization gadgets interact with typing, linked to SharedPoolDataSource/JNDI-related classes. Affected: jackson-databind 2.x before 2.9.10.8. Impact includes potential remote code execution via gadget chains. Remedi...

8.1CVSS7.7AI score0.05218EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.280 views

CVE-2020-36181

Consolidated evidence shows CVE-2020-36181 affects FasterXML jackson-databind 2.x before 2.9.10.8. The vulnerability arises from mishandling the interaction between serialization gadgets and typing, specifically related to DriverAdapterCPDS classes (notably org.apache.tomcat.dbcp.dbcp.cpdsadapter...

8.8CVSS7.7AI score0.05018EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.280 views

CVE-2020-36188

The CVE-2020-36188 issue affects FasterXML jackson-databind 2.x prior to 2.9.10.8, caused by mis-handling serialization gadgets in combination with typing (notably involving com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource). The vulnerability is described across multiple source...

8.1CVSS7.7AI score0.10911EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.279 views

CVE-2020-36186

CVE-2020-36186 affects FasterXML jackson-databind 2.x up to before 2.9.10.8, where serialization gadgets and typing handling interact incorrectly in the presence of PerUserPoolDataSource (org.apache.tomcat.dbcp.dbcp.datasources). This deserialization-related flaw can impact confidentiality, integ...

8.1CVSS7.7AI score0.05218EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.272 views

CVE-2020-36187

CVE-2020-36187 affects FasterXML jackson-databind 2.x before 2.9.10.8. The root cause is a mishandling of the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. The connected Astra Linux bulletin mirrors this description....

8.1CVSS7.7AI score0.05195EPSS
CVE
CVE
added 2020/12/17 6:43 p.m.262 views

CVE-2020-35491

CVE-2020-35491 affects FasterXML jackson-databind 2.x prior to 2.9.10.8, tied to deserialization gadget typing interactions via org.apache.commons.dbcp2.datasources.SharedPoolDataSource. Connected docs corroborate an extensive Jackson deserialization issue set with high impact, but the provided m...

8.1CVSS7.7AI score0.09477EPSS
CVE
CVE
added 2020/12/17 6:43 p.m.251 views

CVE-2020-35490

CVE-2020-35490 : jackson-databind 2.x before 2.9.10.8 is affected. The issue arises from mishandling the interaction between serialization gadgets and typing, related to PerUserPoolDataSource in org.apache.commons.dbcp2. Root cause: polymorphic deserialization/gadget chaining leads to potential c...

8.1CVSS7.7AI score0.07694EPSS
CVE
CVE
added 2021/06/12 9:45 a.m.197 views

CVE-2021-31811

CVE-2021-31811: Apache PDFBox 2.0.23 and earlier is vulnerable to an OutOfMemoryError when loading a crafted PDF. IBM/QRadar advisories confirm the issue and recommend upgrading PDFBox to v2.0.24 (via PJ46568 iFix/FIXPACK) or newer.

5.5CVSS5.6AI score0.03445EPSS
CVE
CVE
added 2021/03/19 4:5 p.m.187 views

CVE-2021-27807

CVE-2021-27807 affects Apache PDFBox 2.0.22 and earlier 2.0.x. The issue arises when loading a crafted PDF, triggering an infinite loop and causing denial of service. Connected IBM advisories confirm the same description and map remediation to upgrading to fixed PDFBox versions via product-specif...

5.5CVSS5.6AI score0.02979EPSS
CVE
CVE
added 2021/03/19 4:5 p.m.186 views

CVE-2021-27906

CVE-2021-27906 affects Apache PDFBox; a crafted PDF can trigger an OutOfMemoryError when loading, impacting PDFBox 2.0.22 and earlier 2.0.x. The connected IBM/QRadar security bulletin confirms the same CVE ID and notes remediation: upgrade to IBM Cognos-related 2.0.6.12, then apply FixPack 2.0.6....

5.5CVSS5.6AI score0.03337EPSS
CVE
CVE
added 2021/11/01 8:35 a.m.155 views

CVE-2021-41973

CVE-2021-41973 affects Apache MINA, where a specially crafted HTTP request can cause the HTTP Header decoder to loop indefinitely, leading to a denial of service. The root cause is the decoder assuming headers begin at the buffer start and looping if extra data is present. Mitigation: upgrade MIN...

6.5CVSS6.4AI score0.04332EPSS
CVE
CVE
added 2022/04/19 8:38 p.m.108 views

CVE-2022-21473

Oracle Banking Treasury Management (Oracle Financial Services Applications) is affected by CVE-2022-21473 in the Infrastructure component for version 14.5. The vulnerability can be exploited by a low-privilege, network-accessible attacker over HTTP and requires user interaction; successful exploi...

5.9CVSS5.8AI score0.00609EPSS