Essbase Security Vulnerabilities and Issues — Essbase CVE List

Lucene search

OracleEssbase

22 matches found

CVE•added 2021/02/16 5:15 p.m.•1905 views

CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if t...

5.9CVSS7AI score0.00665EPSS

CVE•added 2020/12/08 4:15 p.m.•1003 views

CVE-2020-1971

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrec...

5.9CVSS5.7AI score0.00345EPSS

CVE•added 2021/03/25 3:15 p.m.•749 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.15517EPSS

CVE•added 2021/08/24 3:15 p.m.•630 views

CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size req...

9.8CVSS9.9AI score0.02876EPSS

CVE•added 2021/08/24 3:15 p.m.•607 views

CVE-2021-3712

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byt...

7.4CVSS8AI score0.00814EPSS

CVE•added 2020/12/14 8:15 p.m.•492 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

7.5CVSS7.6AI score0.00161EPSS

CVE•added 2021/04/01 6:15 p.m.•395 views

CVE-2021-22876

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header fiel...

5.3CVSS5.7AI score0.00097EPSS

CVE•added 2021/06/11 4:15 p.m.•365 views

CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uni...

3.1CVSS5.3AI score0.00113EPSS

CVE•added 2020/12/14 8:15 p.m.•349 views

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service bann...

4.3CVSS6AI score0.00067EPSS

CVE•added 2021/04/01 6:15 p.m.•324 views

CVE-2021-22890

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived fro...

4.3CVSS4.9AI score0.00143EPSS

CVE•added 2020/12/14 8:15 p.m.•297 views

CVE-2020-8285

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

7.5CVSS7.7AI score0.00624EPSS

CVE•added 2019/11/08 3:15 p.m.•230 views

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

6.5CVSS6AI score0.01915EPSS

CVE•added 2021/06/11 4:15 p.m.•220 views

CVE-2021-22901

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. Wh...

8.1CVSS8.2AI score0.00272EPSS

CVE•added 2019/08/30 9:15 a.m.•191 views

CVE-2019-12402

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

7.5CVSS7.1AI score0.00149EPSS

CVE•added 2021/06/11 4:15 p.m.•165 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS5.5AI score0.00761EPSS

CVE•added 2020/10/30 11:15 a.m.•144 views

CVE-2020-7760

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vu...

7.5CVSS6.1AI score0.0034EPSS

CVE•added 2021/05/20 2:15 a.m.•126 views

CVE-2021-20718

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.

7.5CVSS7.2AI score0.0306EPSS

CVE•added 2022/07/19 10:15 p.m.•52 views

CVE-2022-21508

Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Essbase executes to compromise Oracle Essbase. Successful attacks re...

5.8CVSS5.4AI score0.00497EPSS

CVE•added 2023/04/18 8:15 p.m.•47 views

CVE-2023-21943

Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a p...

5.3CVSS5AI score0.00293EPSS

CVE•added 2023/07/18 9:15 p.m.•47 views

CVE-2023-22010

Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can re...

2.2CVSS1.9AI score0.00182EPSS

CVE•added 2023/04/18 8:15 p.m.•39 views

CVE-2023-21944

5.3CVSS5AI score0.00293EPSS

CVE•added 2023/04/18 8:15 p.m.•38 views

CVE-2023-21942

5.3CVSS5AI score0.00293EPSS