Lucene search
+L
OracleCommunications Diameter Signaling Router

80 matches found

CVE
CVE
added 2019/04/19 12:0 a.m.3116 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.87218EPSS
In wild
CVE
CVE
added 2020/10/02 2:14 p.m.1686 views

CVE-2020-7069

CVE-2020-7069 affects PHP AES-CCM encryption: when using openssl_encrypt() with a 12-byte IV, only the first 7 bytes are used in versions 7.2.x < 7.2.34, 7.3.x < 7.3.23, and 7.4.x

6.5CVSS6.2AI score0.02055EPSS
CVE
CVE
added 2021/10/25 5:40 a.m.1600 views

CVE-2021-21703

CVE-2021-21703 affects PHP with PHP-FPM: when main FPM daemon runs as root and workers run as lower-privilege users, a child process can access shared memory and modify it, enabling root-level privilege escalation. Affected ranges: PHP 7.3.x up to 7.3.31, 7.4.x below 7.4.25, and 8.0.x below 8.0.1...

7.8CVSS7.2AI score0.01337EPSS
CVE
CVE
added 2020/05/20 6:26 p.m.1525 views

CVE-2020-9484

CVE-2020-9484 is a deserialization flaw in Apache Tomcat that, under a specific FileStore PersistenceManager configuration and a crafted request, can trigger remote code execution. Affected are Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 when the...

7CVSS7.5AI score0.56636EPSS
CVE
CVE
added 2017/06/27 5:0 p.m.1489 views

CVE-2017-9841

CVE-2017-9841 (PHPUnit) affects the Util/PHP/eval-stdin.php component of PHPUnit. The vulnerability allows remote code execution when an HTTP POST request starts with the string "<?php" (or with a leading '

9.8CVSS9.2AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2018/01/04 1:0 p.m.1430 views

CVE-2017-5715

CVE-2017-5715 (Spectre Variant 2) describes speculative-execution side-channel issues used to disclose memory. Connected docs show concrete mitigations and impact across vendors: AMD notes that LFENCE/JMP mitigation (V2-2) may be insufficient on some CPUs; AMD recommends standard mitigations (ret...

5.6CVSS6.2AI score0.74041EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.1347 views

CVE-2020-2555

CVE-2020-2555 (WebLogic/Coherence) : A deserialization vulnerability in Oracle Coherence (Fusion Middleware) enables unauthenticated remote code execution via the T3 protocol. Affected versions include Coherence 3.7.1.x, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. The flaw originates from ReflectionExtra...

9.8CVSS9.1AI score0.97116EPSS
In wild
CVE
CVE
added 2021/03/25 4:1 p.m.1302 views

CVE-2021-21783

CVE-2021-21783 affects Genivia gSOAP 2.8.107 in the WS-Addressing plugin. The vulnerability stems from a flaw in handling SOAP requests, enabling remote code execution when an attacker sends a crafted HTTP SOAP message. Descriptions across connected advisories corroborate that a specially crafted...

9.8CVSS9.6AI score0.04983EPSS
CVE
CVE
added 2021/12/18 11:55 a.m.1191 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2021/12/28 7:35 p.m.985 views

CVE-2021-44832

CVE-2021-44832 affects Apache Log4j2 up to 2.17.0 (except 2.3.2 and 2.12.4) when a configuration uses a JDBC Appender with a JNDI LDAP data source URI and an attacker controls the LDAP server. The root cause is JNDI LDAP data source handling enabling RCE. Impact: remote code execution with the de...

8.5CVSS8.4AI score0.97906EPSS
In wild
CVE
CVE
added 2019/02/27 11:0 p.m.928 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2021/02/15 4:10 a.m.901 views

CVE-2021-21702

In PHP, the SOAP extension is vulnerable to a null-pointer dereference when a SOAP server returns malformed XML, potentially crashing the interpreter. Affected versions are PHP 7.3.x < 7.3.27, 7.4.x < 7.4.15, and 8.0.x

7.5CVSS6.3AI score0.03179EPSS
CVE
CVE
added 2021/07/12 2:55 p.m.749 views

CVE-2021-30640

CVE-2021-30640 describes a vulnerability in the JNDI Realm of Apache Tomcat that allows an attacker to authenticate using variations of a valid username and/or bypass some LockOut Realm protections. Affected are Tomcat releases: 10.0.0-M1 through 10.0.5, 9.0.0.M1 through 9.0.45, and 8.5.0 through...

6.5CVSS6.6AI score0.09886EPSS
CVE
CVE
added 2020/02/10 7:45 a.m.716 views

CVE-2020-7059

CVE-2020-7059 concerns PHP’s fgetss() reading data with stripped tags, allowing a read past the allocated buffer in PHP versions affected: 7.2.x < 7.2.27, 7.3.x < 7.3.14, and 7.4.x

9.1CVSS7.6AI score0.07116EPSS
CVE
CVE
added 2020/08/21 8:50 p.m.709 views

CVE-2020-8622

CVE-2020-8622 pertains to ISC BIND and causes an assertion failure leading to a server exit when processing a truncated TSIG-signed response. The vulnerability can be triggered by an attacker on the network path or by exploiting a server receiving a TSIG-signed request, potentially harming availa...

6.5CVSS7.2AI score0.05545EPSS
CVE
CVE
added 2020/04/27 8:38 p.m.687 views

CVE-2020-7067

CVE-2020-7067 describes an out-of-bounds read in PHP’s urldecode() when PHP is built with EBCDIC support. Affected versions are PHP 7.2.x < 7.2.30, 7.3.x < 7.3.17, and 7.4.x

7.5CVSS7.5AI score0.04311EPSS
In wild
CVE
CVE
added 2020/02/10 7:45 a.m.678 views

CVE-2020-7060

CVE-2020-7060: In PHP mbstring mbfl_filt_conv_big5_wchar, crafted data can read past the allocated buffer, causing information disclosure or crash. Affected: PHP 7.2.x < 7.2.27, 7.3.x < 7.3.14, 7.4.x

9.1CVSS7.6AI score0.08888EPSS
CVE
CVE
added 2019/06/19 10:24 p.m.650 views

CVE-2019-2729

CVE-2019-2729 affects Oracle WebLogic Server (Web Services component) with unauthenticated remote code execution via deserialization. Affected versions are 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability stems from improper deserialization (WebLogic Web Services / XMLDecoder context) an...

9.8CVSS9.4AI score0.8883EPSS
In wild
CVE
CVE
added 2021/07/12 2:55 p.m.614 views

CVE-2021-33037

CVE-2021-33037 affects Apache Tomcat: versions 10.0.0-M1–10.0.6, 9.0.0.M1–9.0.46, and 8.5.0–8.5.66 may mishandle the HTTP transfer-encoding header with reverse proxies, enabling request smuggling. Root cause: improper header handling allowing spoofed content encoding sequencing. Impact stated in ...

5.3CVSS6.1AI score0.75353EPSS
CVE
CVE
added 2020/01/16 11:55 p.m.581 views

CVE-2020-5398

CVE-2020-5398 (Spring Framework) affects Spring Framework versions: 5.0.x before 5.0.16, 5.1.x before 5.1.13, and 5.2.x before 5.2.3. The vulnerability is a reflected file download (RFD) attack triggered when an application sets a Content-Disposition header whose filename is derived from user inp...

8CVSS7.3AI score0.88077EPSS
Web
CVE
CVE
added 2020/03/02 3:59 a.m.565 views

CVE-2020-9546

CVE-2020-9546 affects FasterXML jackson-databind 2.x before 2.9.10.4, where serialization gadgets and typing interactions involving org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig can lead to deserialization issues. The IBM/Cloudera bulletin references the same CVE and lists a high impact...

9.8CVSS9.2AI score0.04613EPSS
CVE
CVE
added 2020/03/02 3:58 a.m.530 views

CVE-2020-9548

CVE-2020-9548 affects Cloudera Data Platform Private Cloud Base (IBM) 7.1.9. It is a deserialization vulnerability in FasterXML jackson-databind 2.x up to 2.9.10.3/4 where interaction between serialization gadgets and typing (relating to br.com.anteros.dbcp.AnterosDBCPConfig) can lead to remote c...

9.8CVSS9.1AI score0.18345EPSS
In wild
CVE
CVE
added 2020/05/01 6:55 p.m.510 views

CVE-2020-10683

CVE-2020-10683 is described in IBM Bulletin sources as an XXE vulnerability in the dom4j library, allowing a remote authenticated attacker to obtain sensitive information through XML processing. The issue stems from dom4j handling External DTDs/Entities by default, and multiple IBM entries map th...

9.8CVSS9.2AI score0.07269EPSS
CVE
CVE
added 2020/03/31 4:37 a.m.505 views

CVE-2020-11113

CVE-2020-11113 is a deserialization vulnerability in FasterXML jackson-databind (2.x before 2.9.10.4) tied to typing gadget interactions (notably related to org.apache.openjpa.ee.WASRegistryManagedRuntime). The connected documents corroborate an exploit path via unsafe deserialization leading to ...

8.8CVSS8.3AI score0.06278EPSS
CVE
CVE
added 2021/10/19 12:0 a.m.486 views

CVE-2021-37136

CVE-2021-37136 : The Bzip2 decompression decoder can set no limit on the decompressed output size, affecting all Bzip2Decoder users. This under- or over-allocates memory during decompression and can trigger an OutOfMemoryError, enabling DoS. Connected IBM/ASTRA entries reiterate the same descript...

7.5CVSS7.4AI score0.05651EPSS
CVE
CVE
added 2021/10/14 7:55 p.m.486 views

CVE-2021-42340

The CVE-2021-42340 issue is a memory leak in Apache Tomcat caused by the upgrade HTTP metric collector not releasing WebSocket resources after close. Affected versions include Tomcat 8.5.60–8.5.71, 9.0.40–9.0.53, 10.0.0-M1–10.0.11, and 10.1.0-M1–10.1.0-M5. Over time, this leak can lead to OutOfMe...

7.5CVSS6.7AI score0.10997EPSS
CVE
CVE
added 2020/06/05 2:20 p.m.476 views

CVE-2020-12723

CVE-2020-12723 : In Perl, regcomp.c allows a buffer overflow in the regex compiler due to crafted regular expressions, caused by recursive S_study_chunk calls. The issue affects Perl before 5.30.3, notably on 32‑bit platforms. Reports in Connected documents indicate fixes have been released (e.g....

7.5CVSS8.1AI score0.05971EPSS
CVE
CVE
added 2020/03/18 9:17 p.m.471 views

CVE-2020-10672

CVE-2020-10672 affects FasterXML jackson-databind 2.x prior to 2.9.10.4. The issue arises from deserialization gadget/typing interaction (related to org.apache. Aries transaction JMS XaPooledConnectionFactory), enabling high-severity impact on data confidentiality/integrity/availability. Connecte...

8.8CVSS8.3AI score0.02984EPSS
CVE
CVE
added 2020/06/14 7:42 p.m.465 views

CVE-2020-14061

CVE-2020-14061 concerns Jackson Databind 2.x before 2.9.10.5, where deserialization gadgets typing interaction (including oracle.jms.AQjms* components) can be exploited. IBM and NVD references show a high-severity exposure (base scores up to 8.1–9.8) with network attack vector and partial to high...

8.1CVSS8.5AI score0.04458EPSS
CVE
CVE
added 2020/04/07 10:14 p.m.461 views

CVE-2020-11619

CVE-2020-11619 affects Jackson Databind 2.x before 2.9.10.4 and is caused by mishandling the interaction between serialization gadgets and typing (related to spring-aop). This deserialization issue can lead to arbitrary code execution when a crafted JSON is processed, as described in IBM/ISIQ con...

8.1CVSS8AI score0.03607EPSS
CVE
CVE
added 2020/03/26 12:43 p.m.457 views

CVE-2020-10968

CVE-2020-10968 affects FasterXML jackson-databind 2.x before 2.9.10.4. The issue arises from how serialization gadgets interact with typing, specifically related to org.aoju.bus.proxy.provider.remoting.RmiProvider (bus-proxy). The result is a deserialization vulnerability with high impact to conf...

8.8CVSS8.3AI score0.03538EPSS
CVE
CVE
added 2020/05/14 3:57 p.m.454 views

CVE-2020-1945

This CVE (CVE-2020-1945) affects Apache Ant. Connected Arch Linux advisory ASA-202005-15 confirms the vulnerability exists in ant before version 1.10.8-1, where Ant uses java.io.tmpdir for several tasks and can leak sensitive information. The fixcrlf and replaceregexp tasks may copy files from th...

6.3CVSS6.8AI score0.01808EPSS
CVE
CVE
added 2020/06/14 7:42 p.m.453 views

CVE-2020-14062

CVE-2020-14062 affects jackson-databind 2.x prior to 2.9.10.5, where interaction between serialization gadgets and typing (related to JNDIConnectionPool) can lead to deserialization abuse with high impact. IBM/X-Force entries consolidate this as a 9.8/3.0 vulnerability. In the connected IBM bulle...

8.1CVSS8.6AI score0.08072EPSS
CVE
CVE
added 2020/06/16 3:7 p.m.450 views

CVE-2020-14195

CVE-2020-14195 affects FasterXML jackson-databind 2.x before 2.9.10.5, where deserialization gadgets/typing interaction can be exploited (related to org.jsecurity JndiRealmFactory) to potentially execute code. IBM X-Force lists a base score of 9.8 with HIGH impact on confidentiality, integrity an...

8.1CVSS8.5AI score0.04549EPSS
CVE
CVE
added 2020/03/31 4:37 a.m.449 views

CVE-2020-11111

CVE-2020-11111 involves FasterXML Jackson Databind 2.x before 2.9.10.4, where deserialization gadgets and typing interaction (related to org.apache.activemq.*) are mishandled. This can impact confidentiality, integrity and availability. Affected product is Jackson Databind 2.x prior to 2.9.10.4; ...

8.8CVSS8.3AI score0.03489EPSS
CVE
CVE
added 2020/03/26 12:43 p.m.444 views

CVE-2020-10969

CVE-2020-10969 : Jackson Databind 2.x prior to 2.9.10.4 has a deserialization flaw caused by how serialization gadgets interact with typing (related to javax.swing.JEditorPane). This can enable deserialization of untrusted data with potential remote code execution. The issue is publicly documente...

8.8CVSS8.3AI score0.03473EPSS
CVE
CVE
added 2020/03/18 9:17 p.m.443 views

CVE-2020-10673

CVE-2020-10673 affects FasterXML jackson-databind 2.x prior to 2.9.10.4. The IBM bulletin and the consolidated Jira/Advisory in connected docs describe a deserialization issue where interaction between serialization gadgets and typing (related to com.caucho.config.types.ResourceRef, aka caucho-qu...

8.8CVSS8.3AI score0.08028EPSS
CVE
CVE
added 2021/10/19 12:0 a.m.441 views

CVE-2021-37137

CVE-2021-37137 involves Netty’s Snappy frame decoding where the SnappyFrameDecoder does not restrict the chunk length, enabling potential excessive memory usage. The issue can be triggered by crafted input that decompresses to a very large size (via network streams or files) or by sending a very ...

7.5CVSS7.4AI score0.0628EPSS
CVE
CVE
added 2020/06/14 8:46 p.m.436 views

CVE-2020-14060

CVE-2020-14060 affects FasterXML jackson-databind 2.x before 2.9.10.5. The root cause is mishandling of the interaction between serialization gadgets and typing (related to JNDIConnectionPool), enabling deserialization-enabled impact on confidentiality, integrity, and availability. The IBM X-Forc...

8.1CVSS8.6AI score0.08607EPSS
CVE
CVE
added 2020/03/31 4:37 a.m.428 views

CVE-2020-11112

CVE-2020-11112 affects FasterXML jackson-databind 2.x before 2.9.10.4, where serialization gadgets and typing interaction is mishandled (related to org.apache.commons.proxy.provider.remoting.RmiProvider). This is a deserialization issue that could enable malicious payload execution; affected prod...

8.8CVSS8.3AI score0.03583EPSS
CVE
CVE
added 2021/07/15 5:0 p.m.399 views

CVE-2021-34429

CVE-2021-34429 affects Eclipse Jetty: 9.4.37–9.4.42, 10.0.1–10.0.5, and 11.0.1–11.0.5. A vulnerability allows crafting certain encoded URIs to access WEB-INF content and bypass some security constraints, constituting a variation of CVE-2021-28164. Public references in connected docs describe this...

5.3CVSS5.4AI score0.99298EPSS
CVE
CVE
added 2020/06/05 1:27 p.m.392 views

CVE-2020-10878

Perl before 5.30.3 contains an integer overflow in the regular expression compiler (related to PL_regkind[OP(n)] == NOTHING). A crafted regex can produce malformed bytecode with a possibility of instruction injection, as documented by multiple advisories and CVEs (e.g., CVE-2020-10878). Public re...

8.6CVSS8.8AI score0.04879EPSS
CVE
CVE
added 2020/06/05 1:17 p.m.375 views

CVE-2020-10543

CVE-2020-10543 affects Perl before 5.30.3 on 32-bit platforms, where nested regular expression quantifiers cause a heap-based buffer overflow (integer overflow) in the regex compiler. The connected advisories confirm fixes/updates for Perl (e.g., CloudLinux, AlmaLinux, ALAS2), indicating remediat...

8.2CVSS8.7AI score0.11334EPSS
CVE
CVE
added 2020/12/07 7:22 p.m.365 views

CVE-2020-17521

CVE-2020-17521 affects Apache Groovy extension methods that handle temporary directory creation. The root cause is a race condition in Groovy’s implementation, which previously called a now-superseded Java JDK method; this could allow a local attacker to obtain sensitive information. Affected ver...

5.5CVSS5.4AI score0.0105EPSS
CVE
CVE
added 2019/07/29 11:42 a.m.321 views

CVE-2019-14379

CVE-2019-14379 affects FasterXML jackson-databind prior to 2.9.9.2, where default typing mishandling when ehcache is present (via net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup) leads to remote code execution. Affected component is jackson-databind’s data-binding implementatio...

9.8CVSS9.7AI score0.08111EPSS
CVE
CVE
added 2018/02/06 3:0 p.m.307 views

CVE-2017-15095

Summary of CVE-2017-15095 and related sightings : The material consistently reports a deserialization flaw in jackson-databind, affecting versions prior to 2.8.10 and 2.9.1. An unauthenticated user could trigger code execution via ObjectMapper.readValue with malicious input. The issue is describe...

9.8CVSS9.2AI score0.08357EPSS
Web
CVE
CVE
added 2018/07/09 8:0 p.m.296 views

CVE-2018-1000613

CVE-2018-1000613 concerns Legion of the Bouncy Castle Java Cryptography APIs (BC) 1.58–1.59 up to, but not including, 1.60. It is a CWE-470 Unsafe Reflection vulnerability in XMSS/XMSS^MT private key deserialization, which can allow a remote attacker to execute arbitrary code by crafting a privat...

9.8CVSS8.6AI score0.04767EPSS
CVE
CVE
added 2021/01/06 10:29 p.m.294 views

CVE-2020-36189

CVE-2020-36189 affects FasterXML jackson-databind 2.x before 2.9.10.8. The issue is a deserialization/serialization typing interaction with gadgets (e.g., logback, MySQL/commons proxies) that can lead to arbitrary code execution, data exfiltration or integrity/availability impacts as described in...

8.1CVSS7.7AI score0.04912EPSS
CVE
CVE
added 2020/09/17 6:39 p.m.288 views

CVE-2020-24750

CVE-2020-24750 affects FasterXML jackson-databind 2.x prior to 2.9.10.6, where the interaction between serialization gadgets and typing is mishandled (CWE-502). This deserialization flaw could enable exploitation via untrusted data; the connected IBM/Cloudera doc confirms the CVE entry but does n...

8.1CVSS7.7AI score0.07327EPSS
CVE
CVE
added 2018/04/06 1:0 p.m.281 views

CVE-2018-1270

Summary: CVE-2018-1270 affects Spring Framework versions 5.0.x before 5.0.5 and 4.3.x before 4.3.15 (and older unsupported) via the spring-messaging module, which can expose STOMP over WebSocket endpoints to a simple in-memory broker. A malicious actor can craft a message to the broker that leads...

9.8CVSS9.4AI score0.77245EPSS
Web
Total number of security vulnerabilities80