Banking Payments Security Vulnerabilities and Issues — Banking Payments CVE List

Lucene search

OracleBanking Payments

8 matches found

CVE•added 2021/07/13 8:15 a.m.•364 views

CVE-2021-36090

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

7.5CVSS7.5AI score0.00279EPSS

CVE•added 2021/07/13 8:15 a.m.•283 views

CVE-2021-35515

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

7.5CVSS7.2AI score0.0012EPSS

CVE•added 2021/07/13 8:15 a.m.•279 views

CVE-2021-35517

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

7.5CVSS7.5AI score0.00314EPSS

CVE•added 2019/08/30 9:15 a.m.•196 views

CVE-2019-12402

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

7.5CVSS7.1AI score0.00163EPSS

CVE•added 2020/01/14 3:15 p.m.•119 views

CVE-2019-12399

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, the...

7.5CVSS7.3AI score0.03156EPSS

CVE•added 2019/07/23 11:15 p.m.•86 views

CVE-2019-2782

Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

7.5CVSS7.3AI score0.01684EPSS

CVE•added 2018/04/19 2:29 a.m.•43 views

CVE-2018-2746

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via ...

7.1CVSS6.8AI score0.00671EPSS

CVE•added 2020/01/15 5:15 p.m.•37 views

CVE-2020-2713

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payment...

7.1CVSS6.8AI score0.00475EPSS