Financial Services Crime And Compliance Management Studio Security Vulnerabilities and Issues — Financial Services Crime And Compliance Management Studio CVE List

Lucene search

OracleFinancial Services Crime And Compliance Management Studio

10 matches found

CVE•added 2021/08/18 3:15 p.m.•506 views

CVE-2021-37714

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancell...

7.5CVSS7.3AI score0.00591EPSS

CVE•added 2021/02/15 1:15 p.m.•486 views

CVE-2021-23337

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

7.2CVSS7.2AI score0.00859EPSS

CVE•added 2021/07/13 8:15 a.m.•384 views

CVE-2021-36090

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

7.5CVSS7.5AI score0.00279EPSS

CVE•added 2021/07/15 5:15 p.m.•358 views

CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

5.3CVSS5.4AI score0.93799EPSS

CVE•added 2021/07/13 8:15 a.m.•303 views

CVE-2021-35515

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

7.5CVSS7.2AI score0.00107EPSS

CVE•added 2021/07/13 8:15 a.m.•299 views

CVE-2021-35517

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

7.5CVSS7.5AI score0.0028EPSS

CVE•added 2021/07/13 8:15 a.m.•277 views

CVE-2021-35516

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

7.5CVSS7.3AI score0.00277EPSS

CVE•added 2021/02/15 11:15 a.m.•260 views

CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

5.3CVSS6AI score0.00202EPSS

CVE•added 2021/01/26 6:16 p.m.•139 views

CVE-2020-9492

In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.

8.8CVSS8.4AI score0.00085EPSS

CVE•added 2021/09/17 9:15 a.m.•108 views

CVE-2021-41303

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

9.8CVSS9.4AI score0.48734EPSS