Lucene search: Oracle Data Integrator

37 matches found

CVE
added 2021/12/18 11:55 a.m., 1182 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2): Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

CVSS 5.9, AI score 7.7, EPSS 0.99999
In wild, Web

CVE
added 2020/12/10 10:10 p.m., 1016 views

CVE-2020-8908

CVE-2020-8908 (Guava): A temp directory creation vulnerability exists in all Guava versions where Guava's API com.google.common.io.Files.createTempDir() creates temporary directories that are world-readable on Unix-like systems. The issue arises because the temp dir permissions are not restricte...

CVSS 3.3, AI score 6.3, EPSS 0.00964

CVE
added 2020/12/02 4:20 p.m., 883 views

CVE-2020-13956

CVE-2020-13956 affects Apache HttpClient prior to 4.5.13 and 5.0.3. A malformed authority component in request URIs, when passed as a java.net.URI, can cause the client to misinterpret the target host and execute the request against an unintended host. This represents a misrouting vulnerability i...

CVSS 5.3, AI score 5.9, EPSS 0.08665

CVE
added 2020/04/27 3:36 p.m., 523 views

CVE-2020-9488

CVE-2020-9488 affects the Apache Log4j2 SMTP appender. The issue is improper validation of the SSL/TLS certificate when the host name does not match, potentially allowing a man-in-the-middle to intercept SMTPS traffic and leak log messages. The concrete remediation is to upgrade to affected relea...

CVSS 4.3, AI score 6, EPSS 0.07814

CVE
added 2020/05/01 6:55 p.m., 500 views

CVE-2020-10683

CVE-2020-10683 is described in IBM Bulletin sources as an XXE vulnerability in the dom4j library, allowing a remote authenticated attacker to obtain sensitive information through XML processing. The issue stems from dom4j handling External DTDs/Entities by default, and multiple IBM entries map th...

CVSS 9.8, AI score 9.2, EPSS 0.07269

CVE
added 2020/05/14 3:57 p.m., 448 views

CVE-2020-1945

This CVE (CVE-2020-1945) affects Apache Ant. Connected Arch Linux advisory ASA-202005-15 confirms the vulnerability exists in ant before version 1.10.8-1, where Ant uses java.io.tmpdir for several tasks and can leak sensitive information. The fixcrlf and replaceregexp tasks may copy files from th...

CVSS 6.3, AI score 6.8, EPSS 0.01793

CVE
added 2017/01/30 4:24 a.m., 356 views

CVE-2017-5611

CVE-2017-5611 is a SQL injection vulnerability in WordPress WP_Query (wp-includes/class-wp-query.php) that affects WordPress up to version 4.7.1 (pre-4.7.2). The root cause is insufficient sanitization of the post type name, enabling remote attackers to execute arbitrary SQL commands. Connected N...

CVSS 9.8, AI score 9.7, EPSS 0.09933
In wild

CVE
added 2019/04/22 8:14 p.m., 351 views

CVE-2019-10247

CVE-2019-10247 affects Eclipse Jetty when configured to list contexts in 404 responses. Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older disclose the fully qualified directory base resource location in the HTML output of a not-found Context, via the DefaultHandler...

CVSS 5.3, AI score 6, EPSS 0.05782

CVE
added 2019/10/15 1:42 p.m., 328 views

CVE-2019-17195

IBM’s security bulletin for IBM Robotic Process Automation for Cloud Pak identifies CVE-2019-17195 as Nimbus JOSE+JWT vulnerability (uncaught JWT parsing exceptions) that could crash the application or leak information. Affected product: IBM Robotic Process Automation for Cloud Pak versions prior...

CVSS 9.8, AI score 9.2, EPSS 0.11032

CVE
added 2020/10/01 7:24 p.m., 314 views

CVE-2020-11979

CVE-2020-11979 affects Apache Ant 1.10.8. The mitigation for CVE-2020-1945 changed temp-file permissions, but the fixcrlf task deleted the temp file and recreated it without protection, enabling an attacker to inject modified source files during builds. Connected advisories confirm the issue and ...

CVSS 7.5, AI score 6.9, EPSS 0.08235

CVE
added 2020/12/27 4:32 a.m., 308 views

CVE-2020-35728

CVE-2020-35728 affects FasterXML jackson-databind 2.x prior to 2.9.10.8, where improper interaction between serialization gadgets and typing (related to embedded Xalan/JNDIConnectionPool) is described. The IBM bulletin (CVE list) confirms this vulnerability and its description, but does not provi...

CVSS 8.1, AI score 7.7, EPSS 0.12504

CVE
added 2021/01/06 10:30 p.m., 306 views

CVE-2020-36180

The connected documents confirm CVE-2020-36180 affects FasterXML jackson-databind 2.x before 2.9.10.8, due to mishandling of interaction between serialization gadgets and typing, specifically involving DriverAdapterCPDS in org.apache.commons.dbcp2.cpdsadapter (and related CPDS drivers). A public ...

CVSS 8.8, AI score 7.7, EPSS 0.05041

CVE
added 2021/01/06 10:30 p.m., 294 views

CVE-2020-36179

CVE-2020-36179 affects FasterXML Jackson Databind (2.x) prior to 2.9.10.8, where the interaction between serialization gadgets and typing (notably involving DriverAdapterCPDS variants) is mishandled. Several connected advisories corroborate an insecure-deserialization pattern that can be triggere...

CVSS 8.8, AI score 7.7, EPSS 0.20929

CVE
added 2021/01/06 10:30 p.m., 291 views

CVE-2020-36182

CVE-2020-36182 affects FasterXML jackson-databind 2.x before 2.9.10.8, due to mishandling of serialization gadgets and typing involving DriverAdapterCPDS (org.apache.tomcat.dbcp.dbcp2.cpdsadapter). Some sources (e.g., Debian LTS advisory) ...

CVSS 8.8, AI score 7.7, EPSS 0.05018

CVE
added 2021/01/06 10:30 p.m., 291 views

CVE-2020-36183

CVE-2020-36183 affects FasterXML jackson-databind 2.x prior to 2.9.10.8, due to mishandling of interaction between serialization gadgets and typing (JNDIConnectionPool gadget chain). Reported in IBM/X-Force and mirrored in Astra Linux bulletin; impact can be high (deserialization-based). Affected...

CVSS 8.1, AI score 7.7, EPSS 0.0489

CVE
added 2019/11/08 2:46 p.m., 290 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

CVSS 6.5, AI score 6, EPSS 0.02167

CVE
added 2021/01/06 10:30 p.m., 289 views

CVE-2020-36184

CVE-2020-36184 affects FasterXML jackson-databind 2.x before 2.9.10.8. The connected documents describe a vulnerability arising from the interaction between serialization gadgets and typing, tied to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource (and related datasource classes). T...

CVSS 8.8, AI score 7.7, EPSS 0.10379

CVE
added 2021/01/06 10:29 p.m., 285 views

CVE-2020-36185

CVE-2020-36185 is a Jackson Databind v2.x vulnerability (pre-2.9.10.8) where deserialization gadgets interact with typing, linked to SharedPoolDataSource/JNDI-related classes. Affected: jackson-databind 2.x before 2.9.10.8. Impact includes potential remote code execution via gadget chains. Remedi...

CVSS 8.1, AI score 7.7, EPSS 0.05218

CVE
added 2021/01/06 10:29 p.m., 280 views

CVE-2020-36181

Consolidated evidence shows CVE-2020-36181 affects FasterXML jackson-databind 2.x before 2.9.10.8. The vulnerability arises from mishandling the interaction between serialization gadgets and typing, specifically related to DriverAdapterCPDS classes (notably org.apache.tomcat.dbcp.dbcp.cpdsadapter...

CVSS 8.8, AI score 7.7, EPSS 0.05018

CVE
added 2021/01/06 10:29 p.m., 280 views

CVE-2020-36188

The CVE-2020-36188 issue affects FasterXML jackson-databind 2.x prior to 2.9.10.8, caused by mis-handling serialization gadgets in combination with typing (notably involving com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource). The vulnerability is described across multiple source...

CVSS 8.1, AI score 7.7, EPSS 0.10911

CVE
added 2021/01/06 10:29 p.m., 278 views

CVE-2020-36186

CVE-2020-36186 affects FasterXML jackson-databind 2.x before 2.9.10.8, where serialization gadgets and typing handling interact incorrectly in the presence of PerUserPoolDataSource (org.apache.tomcat.dbcp.dbcp.datasources). This deserialization-related flaw can impact confidentiality, integ...

CVSS 8.1, AI score 7.7, EPSS 0.05218

CVE
added 2018/07/09 8:00 p.m., 275 views

CVE-2018-1000613

CVE-2018-1000613 concerns Legion of the Bouncy Castle Java Cryptography APIs (BC) 1.58–1.59 up to, but not including, 1.60. It is a CWE-470 Unsafe Reflection vulnerability in XMSS/XMSS^MT private key deserialization, which can allow a remote attacker to execute arbitrary code by crafting a privat...

CVSS 9.8, AI score 8.6, EPSS 0.04767

CVE
added 2021/01/06 10:29 p.m., 271 views

CVE-2020-36187

CVE-2020-36187 affects FasterXML jackson-databind 2.x before 2.9.10.8. The root cause is a mishandling of the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. The connected Astra Linux bulletin mirrors this description....

CVSS 8.1, AI score 7.7, EPSS 0.05195

CVE
added 2021/07/20 10:43 p.m., 238 views

CVE-2021-2351

CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...

CVSS 8.3, AI score 8.5, EPSS 0.025

CVE
added 2019/10/08 1:39 p.m., 196 views

CVE-2019-17359

The CVE-2019-17359 entry concerns Bouncy Castle Crypto (BC Java) 1.63. The vulnerability lies in the ASN.1 parser, which can trigger a large memory allocation leading to a memory exhaustion/OutOfMemoryError via crafted ASN.1 data. Affected product: BC Java 1.63; fixed in BC Java 1.64. The issue i...

CVSS 7.5, AI score 8.1, EPSS 0.08878

CVE
added 2018/05/24 4:00 p.m., 189 views

CVE-2018-8013

Apache Batik 1.x before 1.10 is vulnerable to information disclosure via deserializing a subclass of AbstractDocument, where inputStream-derived class name is used to invoke a no-arg constructor. The fix is to validate the class type before newInstance during deserialization; remediation is to up...

CVSS 9.8, AI score 8.6, EPSS 0.19523

CVE
added 2019/04/22 8:14 p.m., 127 views

CVE-2019-10246

CVE-2019-10246 is described in connected IBM security bulletins as an Eclipse Jetty vulnerability where a server configured for listing directory contents could expose the fully-qualified Base Resource directory name to remote clients, potentially revealing sensitive information. IBM Cognos Analyt...

CVSS 5.3, AI score 5.6, EPSS 0.04016

CVE
added 2021/01/20 2:50 p.m., 88 views

CVE-2021-2018

CVE-2021-2018 affects Oracle Database Server’s Advanced Networking Option. Affected: Oracle Database Server 18c and 19c. Root cause per documented material: vulnerability in the Advanced Networking Option component; attacker can exploit via Oracle Net with network access, requiring no authenticat...

CVSS 8.3, AI score 8.3, EPSS 0.01441

CVE
added 2017/04/06 9:00 p.m., 67 views

CVE-2015-8965

CVE-2015-8965 affects Rogue Wave JViews (before 8.8 patch 21 and before 8.9 patch 1). The vulnerability stems from ilog.views.faces.IlvFacesController in jviews-framework-all.jar not requiring explicit configuration for servlets, enabling remote attackers to execute arbitrary Java code from the c...

CVSS 9.8, AI score 9.8, EPSS 0.02748

CVE
added 2018/02/22 7:00 p.m., 66 views

CVE-2018-7318

The CVE-2018-7318 entry corresponds to Joomla! CheckList 1.1.1 (and earlier) with a SQL injection flaw exposed via title_search, tag_search, name_search, description_search, and filter_order. The root cause is improper handling of user-supplied inputs in these parameters, enabling attacker-contro...

CVSS 9.8, AI score 9.8, EPSS 0.09023

CVE
added 2018/05/22 8:00 p.m., 66 views

CVE-2018-9019

Dolibarr before 7.0.2 is vulnerable to SQL Injection via the sortfield parameter in multiple admin scripts (e.g., accountmodel.php, categories_list.php, journals_list.php, dict.php, mails_templates.php, website.php). The underlying issue is unsafely concatenated SQL in these endpoints, enabling r...

CVSS 9.8, AI score 10, EPSS 0.03959
Web

CVE
added 2021/01/20 2:50 p.m., 63 views

CVE-2021-2015

CVE-2021-2015 affects Oracle E-Business Suite, specifically the Oracle Workflow component (Worklist). Affected versions are 12.2.3–12.2.10. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Workflow, with exploitation requiring user interaction...

CVSS 8.2, AI score 8.4, EPSS 0.01169

CVE
added 2019/04/23 6:16 p.m., 58 views

CVE-2019-2720

The CVE-2019-2720 entry concerns Oracle Fusion Middleware’s Oracle Data Integrator (ODI Tools). Affected versions are 11.1.1.9.0 and 12.2.1.3.0. The vulnerability allows a low-privileged, network-originating attacker (HTTP) to read a subset of ODI data. The provided sources do not include exploit...

CVSS 3.5, AI score 3, EPSS 0.00802

CVE
added 2019/10/16 5:40 p.m., 55 views

CVE-2019-2943

CVE-2019-2943 affects Oracle Data Integrator Studio (component) in Oracle Fusion Middleware, version 12.2.1.3.0. The vulnerability allows a low-privileged user with network access via HTTP to access or compromise Oracle Data Integrator data. The CVSS v3.0 base score is 6.5 (Confidentiality impact...

CVSS 6.5, AI score 6.2, EPSS 0.01494

CVE
added 2016/10/25 2:00 p.m., 47 views

CVE-2016-5602

Technical details about CVE-2016-5602 are not publicly available in the provided connected documents. Monitor for updates from official advisories to obtain affected products, impact, and remediation information.

CVSS 5.7, AI score 5.1, EPSS 0.01618

CVE
added 2016/10/25 2:00 p.m., 46 views

CVE-2016-5618

CVE-2016-5618 affects Oracle Fusion Middleware’s Oracle Data Integrator (ODI) component, specifically via the Code Generation Engine. Affected versions include ODI in 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0. The vulnerability is described as allowing remote auth...

CVSS 3.5, AI score 3.9, EPSS 0.01334

CVE
added 2026/06/16 7:26 p.m., 11 views

CVE-2026-35262

Technical details about CVE-2026-35262 are not publicly available in the provided documents; no affected products, root cause, or remediation are specified here. Monitor for updates.

CVSS 8.3, AI score 5.1, EPSS 0.00387