Lucene search
+L
OracleMiddleware Common Libraries And Tools

9 matches found

CVE
CVE
added 2022/01/18 3:25 p.m.877 views

CVE-2022-23302

CVE-2022-23302 affects Log4j 1.x JMSSink. TheDeserialization flaw allows remote code execution when an attacker can write to the Log4j configuration or when the configuration references an LDAP service the attacker controls. JMSSink can be triggered via a TopicConnectionFactoryBindingName to caus...

8.8CVSS9.3AI score0.61785EPSS
CVE
CVE
added 2022/01/18 3:25 p.m.821 views

CVE-2022-23307

CVE-2022-23307 concerns a deserialization vulnerability in the Chainsaw component of Apache Log4j 1.x (Chainsaw bundled with Log4j 1.2.x). The root cause is unsafe deserialization of untrusted data via Chainsaw, allowing potential code execution. Multiple Atlassian products initially bundled Chai...

9CVSS9.2AI score0.52458EPSS
CVE
CVE
added 2022/01/18 3:25 p.m.747 views

CVE-2022-23305

CVE-2022-23305 concerns Apache Log4j 1.x when configured with JDBCAppender: an SQL statement is built from a PatternLayout-converted value (notably %m), allowing an attacker to craft input to alter and potentially execute SQL. The issue is specific to Log4j 1.x if JDBCAppender is used; JDBCAppend...

9.8CVSS9.4AI score0.66537EPSS
Web
CVE
CVE
added 2021/08/18 3:10 p.m.544 views

CVE-2021-37714

CVE-2021-37714 affects jsoup (Java HTML parser) versions prior to 1.14.2. When parsing untrusted HTML/XML, the parser may loop, slow down, or throw exceptions, enabling a denial-of-service condition. A fix is available in jsoup 1.14.2. Workarounds include rate-limiting parsing input, capping inpu...

7.5CVSS7.3AI score0.06873EPSS
CVE
CVE
added 2021/10/14 7:55 p.m.486 views

CVE-2021-42340

The CVE-2021-42340 issue is a memory leak in Apache Tomcat caused by the upgrade HTTP metric collector not releasing WebSocket resources after close. Affected versions include Tomcat 8.5.60–8.5.71, 9.0.40–9.0.53, 10.0.0-M1–10.0.11, and 10.1.0-M1–10.1.0-M5. Over time, this leak can lead to OutOfMe...

7.5CVSS6.7AI score0.10997EPSS
CVE
CVE
added 2021/01/14 2:45 p.m.371 views

CVE-2021-23926

CVE-2021-23926 involves Apache XMLBeans up to 2.6.0, where XML parsers did not set necessary protections against malicious XML input, enabling an XML External Entity (XXE) attack and related.entity expansion concerns. The main impact cited is a potential denial of service or information disclosur...

9.1CVSS9.3AI score0.06215EPSS
CVE
CVE
added 2021/10/18 2:38 p.m.349 views

CVE-2021-42575

The IBM Jazz Reporting Service is affected by CVE-2021-42575 (OWASP Java HTML Sanitizer before 20211018.1 fails to properly enforce policies for SELECT, STYLE, and OPTION). Affected versions: 7.1, 7.0.3, 7.0.2. Remediation via IBM: apply the relevant iFix from Fix Central (7.1: iFix005; 7.0.3: iF...

9.8CVSS9.2AI score0.02844EPSS
CVE
CVE
added 2021/07/12 12:10 p.m.326 views

CVE-2021-30129

CVE-2021-30129 affects Apache Mina SSHD's sshd-core; a crafted request can trigger an OutOfMemory DoS in the SFTP and port forwarding features. Remediation: upgrade to Apache Mina SSHD 2.7.0 (fix documented in the IBM PEM advisory referencing this CVE). If applying via IBM PEM, follow their patch...

6.5CVSS6.9AI score0.03394EPSS
CVE
CVE
added 2021/07/19 2:53 p.m.136 views

CVE-2021-35043

CVE-2021-35043 affects OWASP AntiSamy prior to 1.6.4. The issue is a cross-site scripting (XSS) flaw in the HTML output serializer where HTML attributes can be exploited, demonstrated by a javascript: URL substituted via &#00058 for the colon character. The vulnerability is documented in OSV (GHS...

6.1CVSS5.9AI score0.01513EPSS