45 matches found
CVE-2018-10237
CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...
CVE-2017-5645
CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...
CVE-2019-13990
CVE-2019-13990 affects Terracotta Quartz Scheduler within Atlassian Jira Service Management Data Center/Server and related Oracle Fusion Middleware deployments, via XXE in the Terracotta Quartz Scheduler component when parsing a job description. The root cause is an XML External Entity condition ...
CVE-2018-1000632
CVE-2018-1000632 affects dom4j prior to 2.1.1 with an XML Injection (CWE-91) in Element methods addElement/addAttribute. An attacker could tamper with XML content via crafted attributes/elements. The issue is fixed in 2.1.1+, and IBM/IOC advisories indicate upgrading dom4j (e.g., to 2.1.4 in IOC) to a...
CVE-2020-1945
This CVE (CVE-2020-1945) affects Apache Ant. Connected Arch Linux advisory ASA-202005-15 confirms the vulnerability exists in ant before version 1.10.8-1, where Ant uses java.io.tmpdir for several tasks and can leak sensitive information. The fixcrlf and replaceregexp tasks may copy files from th...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2021-2351
CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...
CVE-2019-12402
CVE-2019-12402 affects Apache Commons Compress 1.15–1.18, where the internal file-name encoding can loop infinitely and cause DoS when processing crafted archives. Connected docs show multiple vendors referencing this CVE in product advisories (e.g., Atlassian Confluence with dependency notes; IB...
CVE-2019-2736
CVE-2019-2736 affects the Oracle FLEXCUBE Investor Servicing component (Infrastructure subcomponent) of Oracle Financial Services Applications. Affected versions include 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. The vulnerability allows an unauthenticated attacker with ne...
CVE-2019-2847
CVE-2019-2847 affects Oracle FLEXCUBE Investor Servicing (Infrastructure subcomponent) in Oracle Financial Services Applications. Affected versions: 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0. The vulnerability allows a low-privileged attacker with network access via HTTP to c...
CVE-2019-2843
Vulnerability CVE-2019-2843 affects Oracle FLEXCUBE Investor Servicing (Infrastructure subcomponent). Affected versions include 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. The flaw allows a low-privileged attacker with network access via HTTP to compromise data: unauthorize...
CVE-2017-3488
CVE-2017-3488 concerns Oracle FLEXCUBE Investor Servicing, specifically the Unit Trust subcomponent, and affects multiple supported releases (12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0, 12.3.0). The connected documents describe a vulnerability that enables a low-privileged attacker with netwo...
CVE-2018-2747
Oracle Financial Services Applications – Banking Corporate Lending Core module (versions 12.3.0, 12.4.0, 12.5.0 and 14.0.0) is affected by CVE-2018-2747. A low-privilege, network-accessible attacker via HTTP can access data in the Banking Corporate Lending component, leading to potential unauthor...
CVE-2018-2748
CVE-2018-2748 affects Oracle Banking Corporate Lending (Core module) within Oracle Financial Services Applications. Affected versions include 12.3.0, 12.4.0, 12.5.0 and 14.0.0. The vulnerability is exploitable over HTTP by an unauthenticated attacker and, per the description, requires user intera...
CVE-2020-2720
CVE-2020-2720 affects Oracle FLEXCUBE Investor Servicing (Oracle Financial Services Applications), specifically the Infrastructure component, with affected versions 12.1.0-12.4.0 and 14.0.0-14.1.0. The vulnerability enables a low-privilege, unauthenticated or minimally authenticated attacker with...
CVE-2020-2722
Oracle FLEXCUBE Investor Servicing (Infrastructure) is affected in versions 12.1.0–12.4.0 and 14.0.0–14.1.0. The issue relates to inadequate access controls, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks can lead to unauthorized upd...
CVE-2018-2746
The CVE-2018-2746 entry refers to a vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (Core module). Affected are versions 12.3.0, 12.4.0, 12.5.0 and 14.0.0. The vulnerability can be exploited by a low-privileged attacker with network access...
CVE-2016-8315
CVE-2016-8315 is a vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code). Affected versions include 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. The issue allows a low-privileged attacker with network access v...
CVE-2017-3487
CVE-2017-3487 affects Oracle FLEXCUBE Investor Servicing (Unit Trust subcomponent) in Oracle Financial Services Applications. Affected versions are 12.0.1–12.3.0. The vulnerability is exploitable by a low-privilege, remote attacker over HTTP to modify data, with the potential for unauthorized upd...
CVE-2018-3031
CVE-2018-3031 affects Oracle FLEXCUBE Investor Servicing (Infrastructure subcomponent) on versions 12.0.4, 12.1.0, 12.3.0 and 12.4.0. The vulnerability enables a low-privileged, network-accessible attacker (via HTTP) to modify or delete certain data and cause partial denial of service. CVSS v3.0 ...
CVE-2018-2749
CVE-2018-2749: Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (Core module). Affected versions: 12.3.0, 12.4.0, 12.5.0, and 14.0.0. An attacker with network access via HTTP and low privileges can exploit this flaw, with user interaction ...
CVE-2019-2841
Affected product: Oracle FLEXCUBE Investor Servicing (Infrastructure subcomponent) within Oracle Financial Services Applications. Affected versions: 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0. External access over HTTP with low privileges could lead to unauthorized creation, d...
CVE-2019-2846
CVE-2019-2846 affects Oracle FLEXCUBE Investor Servicing (Infrastructure subcomponent) within Oracle Financial Services Applications. Affected versions include 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. The vulnerability allows an unauthenticated attacker with network acce...
CVE-2020-14569
CVE-2020-14569 affects Oracle Financial Services Applications — FLEXCUBE Investor Servicing (Infrastructure). Affected versions: 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0. The vulnerability allows a low-privilege attacker with network access via HTTP to compromise FLEXCUBE Investor Servicing, potent...
CVE-2016-5509
CVE-2016-5509 affects Oracle FLEXCUBE Investor Servicing (Core) in Oracle Financial Services Applications. Affected versions are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. The vulnerability is exploitable by a low-privilege attacker with network access via HTTP, potentially resulting in unauthori...
CVE-2020-2723
The CVE-2020-2723 entry relates to Oracle FLEXCUBE Investor Servicing (Infrastructure) with affected versions 12.1.0–12.4.0 and 14.0.0–14.1.0. The vulnerability permits a low-privileged, network-accessible attacker over HTTP to gain unauthorized access to sensitive data and potentially perform un...
CVE-2020-2724
CVE-2020-2724 affects Oracle FLEXCUBE Investor Servicing (Oracle Financial Services Applications), specifically the Infrastructure component. AFFECTED VERSIONS: 12.1.0–12.4.0 and 14.0.0–14.1.0. ROOT CAUSE: a low-privilege, network-accessible (HTTP) vulnerability that can lead to unauthorized read...
CVE-2018-3035
CVE-2018-3035 affects Oracle’s FLEXCUBE Investor Servicing (Infrastructure) with affected versions 12.0.4, 12.1.0, 12.3.0 and 12.4.0. The vulnerability allows a low-privilege, unauthenticated attacker with network access over HTTP to compromise FLEXCUBE Investor Servicing, potentially enabling un...
CVE-2018-2898
CVE-2018-2898 affects Oracle FLEXCUBE Investor Servicing (Infrastructure) with affected versions 12.0.4, 12.1.0, 12.3.0 and 12.4.0. An unauthenticated attacker with network access via HTTP can compromise the component, but attacks require user interaction. Impact includes unauthorized update/inse...
CVE-2018-3034
CVE-2018-3034 affects Oracle FLEXCUBE Investor Servicing (Infrastructure subcomponent) across versions 12.0.4, 12.1.0, 12.3.0 and 12.4.0. The vulnerability allows a low-privilege, network-accessible attacker (HTTP) to compromise the service, with exploitation requiring user interaction. Consequen...
CVE-2019-2845
CVE-2019-2845 affects Oracle FLEXCUBE Investor Servicing (Infrastructure subcomponent) in Oracle Financial Services Applications. Affected versions: 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0. It is described as easily exploitable: a low-privileged attacker with network access...
CVE-2016-8306
CVE-2016-8306 affects the Oracle FLEXCUBE Investor Servicing component (subcomponent: Core) in Oracle Financial Services Applications. Affected versions are 12.0.1, 12.0.2, 12.0.4, 12.1.0, and 12.3.0. The vulnerability allows a low-privilege, network-accessible attacker over HTTP to perform unaut...
CVE-2016-8317
CVE-2016-8317 affects Oracle FLEXCUBE Investor Servicing (Unit Trust subcomponent) in Oracle Financial Services Applications. It affects supported versions 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. The vulnerability enables a low-privilege user who has network access via HTTP to compromise the serv...
CVE-2017-3489
CVE-2017-3489 affects Oracle FLEXCUBE Investor Servicing (Security Management System subcomponent) within Oracle Financial Services Applications. Affected versions include 12.0.1–12.3.0. The vulnerability allows a low-privileged, network-accessible attacker (HTTP) to perform unauthorized update/i...
CVE-2016-8316
CVE-2016-8316: Vulnerability in the Oracle FLEXCUBE Investor Servicing (Core) component. Affected versions: 12.0.1, 12.0.2, 12.0.4, 12.1.0, 12.3.0. An attacker with network access via HTTP and low privileges can exploit the issue, with user interaction required, to cause unauthorized updates, in...
CVE-2017-3288
CVE-2017-3288 affects Oracle FLEXCUBE Investor Servicing (Unit Trust) in Oracle Financial Services Applications. Publicly affected versions are 12.0.1–12.3.0. The vulnerability allows a low-privileged attacker with network access over HTTP to compromise data: unauthorized update/insert/delete on ...
CVE-2018-3028
CVE-2018-3028 affects the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications. Affected versions are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise the service, leading to possib...
CVE-2020-2721
CVE-2020-2721 describes a vulnerability in Oracle FLEXCUBE Investor Servicing (Infrastructure). Affected versions are 12.1.0-12.4.0 and 14.0.0-14.1.0. The issue allows a low-privileged attacker who can access the system over HTTP to compromise Oracle FLEXCUBE Investor Servicing, potentially leadi...
CVE-2016-8309
CVE-2016-8309 is a vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (Core). Affected versions are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. The vulnerability is triggered by remote, network-accessible HTTP input allowing a low-privilege ...
CVE-2016-8319
CVE-2016-8319 affects the Oracle FLEXCUBE Investor Servicing component (subcomponent: Core) in Oracle Financial Services Applications. Affected versions: 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. The vulnerability allows an unauthenticated attacker who can reach the service over HTTP to compromi...
CVE-2018-3030
CVE-2018-3030 affects Oracle FLEXCUBE Investor Servicing (Oracle Financial Services Applications, Infrastructure subcomponent). Affected versions are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. An attacker with network access over HTTP and low privileges can cause a hang or frequent crash (complete DoS). ...
CVE-2018-3029
CVE-2018-3029 affects the Oracle FLEXCUBE Investor Servicing component (subcomponent: Infrastructure) in Oracle Financial Services Applications. Affected versions are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise...
CVE-2018-3032
CVE-2018-3032 affects Oracle FLEXCUBE Investor Servicing (Infrastructure) with affected versions 12.0.4, 12.1.0, 12.3.0, 12.4.0. The vulnerability allows a low-privileged, network-accessible attacker (HTTP) to potentially update/insert/delete and read certain data. CVSS v3.0 base score is 5.4 (Co...
CVE-2018-3033
Affected product: Oracle FLEXCUBE Investor Servicing (Infrastructure) in Oracle Financial Services Applications. Vulnerable versions: 12.0.4, 12.1.0, 12.3.0, 12.4.0. Risk and impact: Low-privilege attacker with HTTP network access can compromise the service, leading to unauthorized access to sens...
CVE-2026-21973
The CVE-2026-21973 entry concerns Oracle FLEXCUBE Investor Servicing (Security Management System). Affected versions 14.5.0.15.0, 14.7.0.8.0, 14.8.0.1.0 are vulnerable. A low-privileged attacker with network access via HTTP can compromise the system, potentially leading to unauthorized creation, ...