Lucene search
K
OracleHyperion Infrastructure Technology

35 matches found

CVE
CVE
added 2020/08/07 3:27 p.m.11977 views

CVE-2020-11984

CVE-2020-11984 affects Apache HTTP Server mod_proxy_uwsgi. Based on the provided documents, it is a vulnerability in httpd’s uwsgi handling that can lead to information disclosure and potentially remote code execution. The vulnerability was reported for Apache HTTP Server versions around 2.4.32 t...

9.8CVSS9.3AI score0.90039EPSS
In wild
CVE
CVE
added 2020/08/07 3:24 p.m.3196 views

CVE-2020-9490

CVE-2020-9490 affects Apache HTTP Server versions 2.4.20–2.4.43. A specially crafted value for the Cache-Digest header in an HTTP/2 request could cause a crash when the server subsequently attempts to HTTP/2 PUSH a resource. Mitigation for unpatched servers is to disable HTTP/2 PUSH via H2Push of...

7.5CVSS8.3AI score0.89744EPSS
In wild
CVE
CVE
added 2020/08/07 3:32 p.m.3073 views

CVE-2020-11993

CVE-2020-11993 affects Apache HTTP Server 2.4.20–2.4.43: when trace/debug is enabled for the HTTP/2 module and certain traffic patterns, logging can be performed on the wrong connection, leading to concurrent use of memory pools. Mitigation in public advisories: set LogLevel for mod_http2 above i...

7.5CVSS8.6AI score0.58716EPSS
In wild
CVE
CVE
added 2020/02/24 9:11 p.m.1472 views

CVE-2020-1935

CVE-2020-1935 affects Apache Tomcat across multiple branches: 9.0.0.M1–9.0.30, 8.5.0–8.5.50, and 7.0.0–7.0.99. It stems from HTTP header parsing that can mishandle end-of-line and Transfer-Encoding, enabling HTTP Request Smuggling when Tomcat sits behind certain reverse proxies. Impact is informa...

5.8CVSS7.4AI score0.09386EPSS
CVE
CVE
added 2021/12/14 12:0 a.m.1435 views

CVE-2021-4104

CVE-2021-4104 affects JMSAppender in Log4j 1.2 when it is explicitly configured to use JMSAppender. A deserialization of untrusted data can occur if an attacker can write Log4j configuration and supply TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to perform JNDI req...

7.5CVSS9.4AI score0.81147EPSS
In wildWeb
CVE
CVE
added 2019/12/23 4:39 p.m.1242 views

CVE-2019-17563

Tomcat CVE-2019-17563: A race-condition in FORM authentication allowed a session-fixation window in Tomcat 9.0.0.M1–9.0.29, 8.5.0–8.5.49, and 7.0.0–7.0.98. The issue is acknowledged as a vulnerability with practical exploitation not detailed in the provided docs. Affected products: Apache Tomcat....

7.5CVSS7.7AI score0.10687EPSS
CVE
CVE
added 2021/12/18 11:55 a.m.1185 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2022/01/18 3:25 p.m.851 views

CVE-2022-23302

CVE-2022-23302 affects Log4j 1.x JMSSink. TheDeserialization flaw allows remote code execution when an attacker can write to the Log4j configuration or when the configuration references an LDAP service the attacker controls. JMSSink can be triggered via a TopicConnectionFactoryBindingName to caus...

8.8CVSS9.3AI score0.61785EPSS
CVE
CVE
added 2019/02/04 7:0 a.m.811 views

CVE-2019-7317

CVE-2019-7317 is a use-after-free involving png_image_free in libpng. A connected document ties this to the FLTK package, affecting versions less than 1.3.8-1, and states that upgrading to a later FLTK version resolves the issue. If applying this advisory, upgrade FLTK to 1.3.8-1 or newer for rem...

5.3CVSS6.3AI score0.09393EPSS
CVE
CVE
added 2022/01/18 3:25 p.m.791 views

CVE-2022-23307

CVE-2022-23307 concerns a deserialization vulnerability in the Chainsaw component of Apache Log4j 1.x (Chainsaw bundled with Log4j 1.2.x). The root cause is unsafe deserialization of untrusted data via Chainsaw, allowing potential code execution. Multiple Atlassian products initially bundled Chai...

9CVSS9.2AI score0.52458EPSS
CVE
CVE
added 2022/01/18 3:25 p.m.732 views

CVE-2022-23305

CVE-2022-23305 concerns Apache Log4j 1.x when configured with JDBCAppender: an SQL statement is built from a PatternLayout-converted value (notably %m), allowing an attacker to craft input to alter and potentially execute SQL. The issue is specific to Log4j 1.x if JDBCAppender is used; JDBCAppend...

9.8CVSS9.4AI score0.66537EPSS
Web
CVE
CVE
added 2019/06/19 10:24 p.m.648 views

CVE-2019-2729

CVE-2019-2729 affects Oracle WebLogic Server (Web Services component) with unauthenticated remote code execution via deserialization. Affected versions are 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability stems from improper deserialization (WebLogic Web Services / XMLDecoder context) an...

9.8CVSS9.4AI score0.8883EPSS
In wild
CVE
CVE
added 2020/06/27 11:39 a.m.591 views

CVE-2020-15358

CVE-2020-15358 (SQLite) affects the SQLite library, specifically the query engine path in select.c where the query-flattener optimization mishandles constant propagation for multiSelectOrderBy. The root cause is a mishandling of transitive properties during constant propagation, leading to a heap...

5.5CVSS6.8AI score0.01027EPSS
CVE
CVE
added 2019/07/26 12:0 a.m.585 views

CVE-2019-13990

CVE-2019-13990 affects Terracotta Quartz Scheduler within Atlassian Jira Service Management Data Center/Server and related Oracle Fusion Middleware deployments, via XXE in the Terracotta Quartz Scheduler component when parsing a job description. The root cause is an XML External Entity condition ...

9.8CVSS9AI score0.162EPSS
CVE
CVE
added 2020/11/28 12:0 a.m.519 views

CVE-2020-27218

CVE-2020-27218 affects Eclipse Jetty 9.4.x (9.4.0.RC0–9.4.34.v20201102), 10.x (10.0.0.alpha0–beta2), and 11.x (11.0.0.alpha0–beta2). When GZIP request body inflation is enabled and requests from different clients are multiplexed on one connection, an attacker who can send a body that is received ...

5.8CVSS5.1AI score0.08113EPSS
CVE
CVE
added 2020/04/09 2:49 a.m.509 views

CVE-2020-11655

SQLite through 3.31.1 is vulnerable to denial of service via a malformed window-function query caused by improper AggInfo initialization (CVE-2020-11655). Affected is the sqlite3 library used across distributions and apps; exploitation leads to segmentation faults. Remediation in the connected ad...

7.5CVSS7.9AI score0.04856EPSS
CVE
CVE
added 2020/04/09 2:49 a.m.441 views

CVE-2020-11656

CVE-2020-11656 affects SQLite up to version 3.31.1, where the ALTER TABLE implementation has a use-after-free, demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. Affected products/contexts in the linked documents consistently reference SQLite 3.31.1 or earlier. Some s...

9.8CVSS9.1AI score0.07407EPSS
CVE
CVE
added 2020/02/21 9:25 p.m.379 views

CVE-2020-9327

The CVE-2020-9327 entry concerns SQLite 3.31.1. A NULL pointer dereference can be triggered by isAuxiliaryVtabOperator due to generated column optimizations, potentially causing a segmentation fault. The connected Astra Linux security bulletin confirms the same SQLite 3.31.1 issue but provides no...

7.5CVSS7.8AI score0.03683EPSS
CVE
CVE
added 2020/06/06 3:37 p.m.353 views

CVE-2020-13871

SQLite 3.32.2 is affected by a use-after-free in resetAccumulator (select.c) due to a late parse tree rewrite for window functions. Impact could include a crash or arbitrary code execution. Remediation: upgrade to SQLite 3.32.3 or later (fix upstream).

7.5CVSS7.4AI score0.04447EPSS
CVE
CVE
added 2019/10/23 7:27 p.m.344 views

CVE-2019-12415

CVE-2019-12415 affects Apache POI up to version 4.1.0. The vulnerability arises when using the tool XSSFExportToXml to convert user-supplied Excel documents, allowing an attacker to read local filesystem or internal network resources via XML External Entity (XXE) processing. The Connected documen...

5.5CVSS6.7AI score0.0099EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.294 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2020/09/19 3:45 a.m.289 views

CVE-2020-5421

CVE-2020-5421 affects Spring Framework releases across multiple lines (5.2.x to 5.0.x, 4.3.x and older). The issue arises from improper input handling of the jsessionid path parameter, which may bypass RFD Protection and weaken security controls. Affected products reference VMware Tanzu Spring Fr...

8.7CVSS7.2AI score0.10736EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.239 views

CVE-2021-2351

CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...

8.3CVSS8.5AI score0.025EPSS
CVE
CVE
added 2019/08/29 12:0 a.m.228 views

CVE-2019-12402

CVE-2019-12402 affects Apache Commons Compress 1.15–1.18, where the internal file-name encoding can loop infinitely and cause DoS when processing crafted archives. Connected docs show multiple vendors referencing this CVE in product advisories (e.g., Atlassian Confluence with dependency notes; IB...

7.5CVSS7.1AI score0.16157EPSS
CVE
CVE
added 2019/04/22 8:52 p.m.192 views

CVE-2019-5427

CVE-2019-5427 affects c3p0, where versions older than 0.9.5.4 are vulnerable to a billion laughs (XML entity expansion) attack when loading XML configuration due to missing protections against recursive entity expansion. Public sources in connected documents confirm the issue exists in c3p0

7.5CVSS7.2AI score0.04882EPSS
CVE
CVE
added 2021/03/19 4:5 p.m.186 views

CVE-2021-27807

CVE-2021-27807 affects Apache PDFBox 2.0.22 and earlier 2.0.x. The issue arises when loading a crafted PDF, triggering an infinite loop and causing denial of service. Connected IBM advisories confirm the same description and map remediation to upgrading to fixed PDFBox versions via product-specif...

5.5CVSS5.6AI score0.02979EPSS
CVE
CVE
added 2021/03/19 4:5 p.m.186 views

CVE-2021-27906

CVE-2021-27906 affects Apache PDFBox; a crafted PDF can trigger an OutOfMemoryError when loading, impacting PDFBox 2.0.22 and earlier 2.0.x. The connected IBM/QRadar security bulletin confirms the same CVE ID and notes remediation: upgrade to IBM Cognos-related 2.0.6.12, then apply FixPack 2.0.6....

5.5CVSS5.6AI score0.03337EPSS
CVE
CVE
added 2019/07/10 12:0 a.m.161 views

CVE-2018-14550

CVE-2018-14550 corresponds to a stack-based buffer overflow in libpng 1.6.35’s PNM decoding path, specifically in get_token() within pnm2png.c of pnm2png. The issue is triggered during third-party PNM decoding and is documented across multiple advisories (EulerOS, Gentoo GLSA, GN/NET, etc.). The ...

8.8CVSS8.7AI score0.03554EPSS
CVE
CVE
added 2021/01/20 2:49 p.m.112 views

CVE-2021-1996

CVE-2021-1996 affects Oracle WebLogic Server (Oracle Fusion Middleware, Web Services component). Affected versions include 10.3.6.0.0 and 12.1.3.0.0. The issue allows a high-privilege attacker with network access via HTTP to compromise the server, with human interaction required and potential una...

3.5CVSS3.4AI score0.0126EPSS
CVE
CVE
added 2021/01/20 2:49 p.m.109 views

CVE-2021-1993

CVE-2021-1993 affects Oracle Database Server’s Java VM component. Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. An attacker with Create Session via Oracle Net and low privileges, requiring user interaction, can impact data integrity by compromising Java VM. CVSSv3.1 base score 4.8 (I), vector ...

4.8CVSS5.1AI score0.00806EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.70 views

CVE-2021-1999

CVE-2021-1999 affects Oracle ZFS Storage Appliance Kit (Oracle Systems) in the RAS subsystems with version 8.8. The vulnerability allows a high-privilege attacker who has local logon to compromise the kit, requiring user interaction. Attacks can lead to unauthorized creation, deletion, or modific...

5CVSS4.8AI score0.00323EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.69 views

CVE-2021-2445

CVE-2021-2445 affects Oracle Hyperion’s Hyperion Infrastructure Technology, specifically the Lifecycle Management component, with affected version 11.2.5.0. The vulnerability description indicates high-privilege access via network (HTTP) with required user interaction, enabling unauthorized creat...

5.7CVSS5.4AI score0.00831EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.66 views

CVE-2021-2347

CVE-2021-2347 affects Oracle Hyperion’s Hyperion Infrastructure Technology, specifically the Lifecycle Management component in the 11.2.5.0 release. The Red Hat and NVD entries mirror this: a vulnerability that can be exploited by a high-privilege attacker over HTTP with network access, requiring...

5.2CVSS5.4AI score0.00886EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.48 views

CVE-2020-14854

CVE-2020-14854 affects Oracle Hyperion Infrastructure Technology UI and Visualization (affected 11.1.2.4). Vulnerability allows a high-privileged attacker with network access via HTTP to compromise data with user interaction required; impact to confidentiality and integrity is indicated (CVE CVSS...

7.9CVSS6.1AI score0.01329EPSS
CVE
CVE
added 2026/04/21 8:35 p.m.24 views

CVE-2026-35244

Oracle Hyperion Infrastructure Technology (Oracle Hyperion), component Lifecycle Management, is affected in version 11.2.24.0.000. The vulnerability allows a highly privileged attacker who can access over HTTP to cause unauthorized creation, deletion or modification of critical data or all access...

5.2CVSS5.7AI score0.00165EPSS