11 matches found
CVE-2021-45105
Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...
CVE-2019-10086
CVE-2019-10086 affects Apache Commons BeanUtils 1.9.2, where a BeanIntrospector addition could suppress access to the classloader via the class property on Java objects. The issue stems from not applying the suppression by default in PropertyUtilsBean, enabling potential risk across affected depl...
CVE-2021-29425
CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...
CVE-2020-28052
CVE-2020-28052 — BC Java OpenBSDBCrypt.password check issue : In Legion of the Bouncy Castle BC Java versions 1.65 and 1.66, the OpenBSDBCrypt.checkPassword method can compare data incorrectly during password verification, causing some incorrect passwords to be treated as a match for different, p...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2018-1000613
CVE-2018-1000613 concerns Legion of the Bouncy Castle Java Cryptography APIs (BC) 1.58–1.59 up to, but not including, 1.60. It is a CWE-470 Unsafe Reflection vulnerability in XMSS/XMSS^MT private key deserialization, which can allow a remote attacker to execute arbitrary code by crafting a privat...
CVE-2019-17359
The CVE-2019-17359 entry concerns Bouncy Castle Crypto (BC Java) 1.63. The vulnerability lies in the ASN.1 parser, which can trigger a large memory allocation leading to a memory exhaustion/OutOfMemoryError via crafted ASN.1 data. Affected product: BC Java 1.63; fixed in BC Java 1.64. The issue i...
CVE-2023-21848
Oracle Communications Convergence (Admin Configuration) vulnerable in version 3.0.3.1.0 due to insufficient input validation. A remote, low-privilege attacker with network access over HTTP can potentially take over the system. Public details in PT-2023-1195 confirm the issue and note that a fix i...
CVE-2022-21338
CVE-2022-21338 affects Oracle Communications Convergence (General Framework) with affected version 3.0.2.2.0. The vulnerability allows a low-privileged, network-authenticated attacker (HTTP) to compromise data, requiring user interaction for exploitation; potential impacts include unauthorized up...
CVE-2017-10031
The CVE-2017-10031 issue affects the Oracle Communications Convergence component of Oracle Communications Applications (subcomponent: Mail Proxy (dojo) ). Affected versions are 3.0 and 3.0.1. An unauthenticated attacker with network access via HTTP can compromise Oracle Communications Convergence...
CVE-2018-2936
CVE-2018-2936 affects Oracle Communications Messaging Server (subcomponent: Web Client) in Oracle Communications Applications, with version 3.x affected. The root cause is a vulnerability in the Web Client subcomponent that allows unauthenticated attackers over HTTP to compromising data confident...