12 matches found
CVE-2021-4104
CVE-2021-4104 affects JMSAppender in Log4j 1.2 when it is explicitly configured to use JMSAppender. A deserialization of untrusted data can occur if an attacker can write Log4j configuration and supply TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to perform JNDI req...
CVE-2021-45105
Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...
CVE-2022-23302
CVE-2022-23302 affects Log4j 1.x JMSSink. TheDeserialization flaw allows remote code execution when an attacker can write to the Log4j configuration or when the configuration references an LDAP service the attacker controls. JMSSink can be triggered via a TopicConnectionFactoryBindingName to caus...
CVE-2022-23307
CVE-2022-23307 concerns a deserialization vulnerability in the Chainsaw component of Apache Log4j 1.x (Chainsaw bundled with Log4j 1.2.x). The root cause is unsafe deserialization of untrusted data via Chainsaw, allowing potential code execution. Multiple Atlassian products initially bundled Chai...
CVE-2022-23305
CVE-2022-23305 concerns Apache Log4j 1.x when configured with JDBCAppender: an SQL statement is built from a PatternLayout-converted value (notably %m), allowing an attacker to craft input to alter and potentially execute SQL. The issue is specific to Log4j 1.x if JDBCAppender is used; JDBCAppend...
CVE-2020-7760
This CVE-2020-7760 affects CodeMirror prior to 5.58.2 (and org.apache.marmotta.webjars:codemirror) with a ReDOs vulnerability in a JavaScript mode regex (sub-pattern (s|/. ?/) ). IBM’s bulletin confirms the same issue and notes watsonx.data is affected (version 2.2.1) and that remediation is to u...
CVE-2019-2927
CVE-2019-2927 concerns Oracle Hyperion Data Relationship Management (component: Access and Security). Affected product/version: Hyperion DRM 11.1.2.4. The issue is exploitable over HTTP with network access by a high-privilege attacker; user interaction is required for successful exploitation and ...
CVE-2018-2610
CVE-2018-2610 affects Oracle Hyperion Data Relationship Management, subcomponent Access and security , specifically the affected product/version: Hyperion Data Relationship Management 11.1.2.4.330. The vulnerability description states an unauthenticated attacker with network access over HTTP can ...
CVE-2025-21569
CVE-2025-21569 affects Oracle Hyperion Data Relationship Management 11.2.19.0.000 (Web Services). The vulnerability exists in the Web Services component and can allow a high-privileged attacker with network access via HTTP to compromise the system, potentially taking over the application. The CVS...
CVE-2018-2915
CVE-2018-2915 affects Oracle Hyperion Data Relationship Management (DRM), specifically the Access and security subcomponent in version 11.1.2.4.330. The available descriptions consistently state a vulnerability that an unauthenticated attacker can exploit over HTTPS to read data from DRM, with th...
CVE-2025-21568
CVE-2025-21568 affects Oracle Hyperion Data Relationship Management, component Access and Security , version 11.2.19.0.000. A high-privilege attacker with network access via HTTP can compromise the system; exploitation requires user interaction. Impact is unauthorized access to critical data or f...
CVE-2018-3208
Summary: CVE-2018-3208 affects the Oracle Hyperion Data Relationship Management component, specifically the Access and Security subcomponent, in version 11.1.2.4.345. The vulnerability is exploitable by a low-privilege attacker who has network access via HTTP, potentially leading to unauthorized ...