Lucene search

K
OracleCommunications Messaging Server

41 matches found

CVE
CVE
added 2021/12/14 12:15 p.m.1194 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.94358EPSS
In wild
CVE
CVE
added 2021/12/18 12:15 p.m.1118 views

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

5.9CVSS7.7AI score0.70431EPSS
In wildWeb
CVE
CVE
added 2022/01/18 4:15 p.m.746 views

CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configura...

8.8CVSS9.3AI score0.72202EPSS
In wild
CVE
CVE
added 2022/01/18 4:15 p.m.657 views

CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

9CVSS9.2AI score0.00882EPSS
CVE
CVE
added 2021/09/19 6:15 p.m.656 views

CVE-2021-40690

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any loca...

7.5CVSS7.4AI score0.00325EPSS
In wild
CVE
CVE
added 2022/01/18 4:15 p.m.629 views

CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings int...

9.8CVSS9.4AI score0.14136EPSS
Web
CVE
CVE
added 2020/12/03 5:15 p.m.573 views

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

7.5CVSS7.3AI score0.00011EPSS
CVE
CVE
added 2020/06/27 12:15 p.m.560 views

CVE-2020-15358

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

5.5CVSS6.8AI score0.00036EPSS
CVE
CVE
added 2017/04/17 9:59 p.m.541 views

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

9.8CVSS9.5AI score0.94013EPSS
CVE
CVE
added 2021/08/18 3:15 p.m.507 views

CVE-2021-37714

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancell...

7.5CVSS7.3AI score0.00591EPSS
CVE
CVE
added 2021/02/08 8:15 p.m.480 views

CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multip...

6.2CVSS6.2AI score0.00017EPSS
CVE
CVE
added 2020/04/09 3:15 a.m.475 views

CVE-2020-11655

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

7.5CVSS7.9AI score0.02825EPSS
CVE
CVE
added 2021/03/30 3:15 p.m.471 views

CVE-2021-21409

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-...

5.9CVSS6.5AI score0.04983EPSS
CVE
CVE
added 2020/04/09 3:15 a.m.403 views

CVE-2020-11656

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

9.8CVSS9.1AI score0.09404EPSS
CVE
CVE
added 2021/07/13 8:15 a.m.384 views

CVE-2021-36090

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

7.5CVSS7.5AI score0.00279EPSS
CVE
CVE
added 2020/02/21 10:15 p.m.359 views

CVE-2020-9327

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

7.5CVSS7.8AI score0.01401EPSS
CVE
CVE
added 2020/12/18 1:15 a.m.357 views

CVE-2020-28052

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

8.1CVSS7.7AI score0.0378EPSS
CVE
CVE
added 2020/06/06 4:15 p.m.321 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

7.5CVSS7.4AI score0.02187EPSS
CVE
CVE
added 2021/06/16 12:15 p.m.319 views

CVE-2021-33813

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

7.5CVSS7AI score0.0006EPSS
CVE
CVE
added 2021/07/13 8:15 a.m.303 views

CVE-2021-35515

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

7.5CVSS7.2AI score0.00107EPSS
CVE
CVE
added 2021/07/13 8:15 a.m.299 views

CVE-2021-35517

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

7.5CVSS7.5AI score0.0028EPSS
CVE
CVE
added 2020/04/07 6:15 p.m.287 views

CVE-2020-11612

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

7.5CVSS7.3AI score0.01846EPSS
CVE
CVE
added 2021/07/13 8:15 a.m.277 views

CVE-2021-35516

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

7.5CVSS7.3AI score0.00277EPSS
CVE
CVE
added 2021/01/06 11:15 p.m.275 views

CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.

8.1CVSS7.7AI score0.02635EPSS
CVE
CVE
added 2020/09/17 7:15 p.m.272 views

CVE-2020-24750

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

8.1CVSS7.7AI score0.02107EPSS
CVE
CVE
added 2019/11/08 3:15 p.m.260 views

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

6.5CVSS6AI score0.01412EPSS
CVE
CVE
added 2021/06/16 12:15 p.m.236 views

CVE-2021-30468

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to...

7.5CVSS7.4AI score0.00399EPSS
CVE
CVE
added 2020/08/25 6:15 p.m.199 views

CVE-2020-24616

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

8.1CVSS7.7AI score0.03783EPSS
CVE
CVE
added 2021/06/12 10:15 a.m.185 views

CVE-2021-31812

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

5.5CVSS5.6AI score0.0004EPSS
CVE
CVE
added 2021/06/12 10:15 a.m.178 views

CVE-2021-31811

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

5.5CVSS5.6AI score0.0041EPSS
CVE
CVE
added 2021/03/19 4:15 p.m.171 views

CVE-2021-27906

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5CVSS5.6AI score0.00543EPSS
CVE
CVE
added 2021/03/19 4:15 p.m.169 views

CVE-2021-27807

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5CVSS5.6AI score0.00544EPSS
CVE
CVE
added 2020/11/12 1:15 p.m.149 views

CVE-2020-13954

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnera...

6.1CVSS6.4AI score0.15538EPSS
CVE
CVE
added 2021/03/31 8:15 a.m.148 views

CVE-2021-28657

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

5.5CVSS5.6AI score0.00478EPSS
CVE
CVE
added 2020/04/27 2:15 p.m.134 views

CVE-2020-9489

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to...

5.5CVSS6.2AI score0.0041EPSS
CVE
CVE
added 2020/03/23 2:15 p.m.132 views

CVE-2020-1950

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.

5.5CVSS5.5AI score0.00557EPSS
CVE
CVE
added 2019/04/17 3:29 p.m.124 views

CVE-2019-0228

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

9.8CVSS8.9AI score0.07835EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.113 views

CVE-2014-7923

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look...

7.5CVSS9.5AI score0.02277EPSS
CVE
CVE
added 2020/03/23 2:15 p.m.104 views

CVE-2020-1951

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.

5.5CVSS5.5AI score0.00341EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.87 views

CVE-2014-7926

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero...

7.5CVSS9.5AI score0.02277EPSS
CVE
CVE
added 2016/07/21 10:15 a.m.27 views

CVE-2016-5455

Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors related to Multiplexor.

5.3CVSS5.3AI score0.00433EPSS