Lucene search
+L
OracleCommunications Diameter Intelligence Hub

14 matches found

CVE
CVE
added 2020/12/11 1:11 a.m.1430 views

CVE-2020-17530

CVE-2020-17530 describes a vulnerability in Apache Struts 2 where forced OGNL evaluation on raw user input in tag attributes can cause remote code execution. Affected products range from Struts 2.0.0 up to 2.5.25. The description states that evaluating untrusted input via the %{...} syntax enable...

9.8CVSS9.6AI score0.95922EPSS
In wild
CVE
CVE
added 2020/12/08 3:30 p.m.1197 views

CVE-2020-1971

CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

5.9CVSS5.7AI score0.06968EPSS
CVE
CVE
added 2021/09/19 12:0 a.m.728 views

CVE-2021-40690

The CVE-2021-40690 issue affects Apache Santuario – XML Security for Java. All versions prior to 2.2.3 and 2.1.7 are vulnerable due to the "secureValidation" property not being passed when creating a KeyInfo from a KeyInfoReference element, enabling an XPath Transform abuse to extract local .xml ...

7.5CVSS7.4AI score0.1121EPSS
CVE
CVE
added 2021/04/13 6:50 a.m.637 views

CVE-2021-29425

CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...

5.8CVSS6.7AI score0.10608EPSS
In wild
CVE
CVE
added 2021/07/14 6:20 a.m.586 views

CVE-2021-36374

CVE-2021-36374 affects Apache Ant and causes denial of service via memory allocation when parsing specially crafted ZIP-based archives (and derived formats such as JARs and certain Office files). The vulnerability stems from how Ant reads these archives, enabling large memory use and out-of-memor...

5.5CVSS6.2AI score0.0262EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.403 views

CVE-2021-36090

CVE-2021-36090 affects Apache Commons Compress zip handling: reading a specially crafted ZIP can allocate excessive memory, causing an out-of-memory DoS. Supported details from IBM/AWS advisories point to a fix in Commons Compress (upgrade to 1.21+; e.g., Amazon Linux advisories list apache-commo...

7.5CVSS7.5AI score0.12945EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.327 views

CVE-2021-35515

CVE-2021-35515 is an infinite-loop denial-of-service in Apache Commons Compress when reading a crafted 7Z archive. The issue arises during the construction of the codecs list used to decompress an entry, potentially consuming unbounded CPU and impacting services that rely on the sevenz package. C...

7.5CVSS7.2AI score0.11567EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.321 views

CVE-2021-35517

CVE-2021-35517 affects Apache Commons Compress tar handling. The vulnerability, triggered by reading a specially crafted TAR archive, can cause Compress to allocate excessive memory, potentially leading to an out-of-memory condition and a denial-of-service against services using Compress’ tar pac...

7.5CVSS7.5AI score0.10614EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.300 views

CVE-2021-35516

CVE-2021-35516 affects Apache Commons Compress (the sevenz package). A specially crafted 7Z archive can cause the library to allocate excessive memory, ultimately causing an out-of-memory condition and a denial-of-service on services that use Compress’ sevenz component. The initial description do...

7.5CVSS7.3AI score0.12365EPSS
CVE
CVE
added 2021/05/27 2:48 p.m.294 views

CVE-2021-22118

CVE-2021-22118 affects the Spring Framework WebFlux component. The vulnerability exists in Spring Framework versions: 5.2.x prior to 5.2.15 and 5.3.x prior to 5.3.7. An authenticated local attacker can exploit a flaw tied to (re)creating the temporary storage directory to read or modify files upl...

7.8CVSS7.5AI score0.00396EPSS
CVE
CVE
added 2022/02/01 12:8 p.m.277 views

CVE-2021-43859

XStream Java library (versions before 1.4.19) is vulnerable to a remote DoS via crafted input streams that can cause 100% CPU, depending on CPU type/parallelism. The fix is upgrading to XStream 1.4.19, which monitors element-adding times and throws an exception when a threshold is exceeded; a NO_...

7.5CVSS7.5AI score0.07934EPSS
CVE
CVE
added 2021/04/02 10:5 a.m.256 views

CVE-2021-22696

CVE-2021-22696 affects Apache CXF where improper validation of the request_uri parameter in OAuth 2 flows allows a remote attacker to cause a denial of service on the authorization server. The issue occurs when a JWT-based request uses a request_uri to fetch the token, with insufficient validatio...

7.5CVSS7.4AI score0.06593EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.244 views

CVE-2021-2351

CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...

8.3CVSS8.5AI score0.025EPSS
CVE
CVE
added 2020/05/14 4:18 p.m.169 views

CVE-2020-11971

CVE-2020-11971: Apache Camel JMX Rebind Flaw affects Camel versions 2.22.x–3.1.0. The JMX rebind vulnerability could allow a remote attacker to access sensitive information via crafted requests. A fix is available: upgrade to Camel 3.2.0 or newer. CVSS scores reported include v3.1 base 7.5 (HIGH)...

7.5CVSS8.1AI score0.14331EPSS