2021-10-25
|
CVE-2021-21703
|
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged...
|
Debian_linux, Fedora, Clustered_data_ontap, Communications_diameter_signaling_router, Php
|
7.0
|
|
|
2021-12-28
|
CVE-2021-44832
|
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
|
Log4j, Cloudcenter, Debian_linux, Fedora, Communications_brm_\-_elastic_charging_engine, Communications_diameter_signaling_router, Communications_interactive_session_recorder, Communications_offline_mediation_controller, Flexcube_private_banking, Health_sciences_data_management_workbench, Policy_automation, Policy_automation_for_mobile_devices, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Product_lifecycle_analytics, Retail_assortment_planning, Retail_fiscal_management, Retail_order_broker, Retail_xstore_point_of_service, Siebel_ui_framework, Weblogic_server
|
6.6
|
|
|
2020-09-17
|
CVE-2020-24750
|
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
|
Debian_linux, Jackson\-Databind, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_liquidity_management, Banking_supply_chain_finance, Blockchain_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_instant_messaging_server, Communications_messaging_server, Communications_offline_mediation_controller, Communications_policy_management, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Identity_manager_connector, Siebel_core_\-_server_framework, Siebel_ui_framework
|
8.1
|
|
|
2021-01-06
|
CVE-2020-36189
|
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
|
Debian_linux, Jackson\-Databind, Cloud_backup, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_platform, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_diameter_signaling_router, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_network_charging_and_control, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_route_manager, Communications_unified_inventory_management, Documaker, Goldengate_application_adapters, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_service_backbone, Retail_xstore_point_of_service, Webcenter_portal
|
8.1
|
|
|
2019-06-19
|
CVE-2019-2729
|
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts)....
|
Communications_diameter_signaling_router, Communications_network_integrity, Hyperion_infrastructure_technology, Identity_manager, Peoplesoft_enterprise_peopletools, Rapid_planning, Storagetek_tape_analytics_sw_tool, Tape_library_acsls, Weblogic_server
|
9.8
|
|
|
2021-07-12
|
CVE-2021-30640
|
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
|
Tomcat, Debian_linux, Communications_cloud_native_core_policy, Communications_diameter_signaling_router, Communications_pricing_design_center, Hospitality_cruise_shipboard_property_management_system, Tekelec_platform_distribution
|
6.5
|
|
|
2021-12-18
|
CVE-2021-45105
|
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
|
Log4j, Debian_linux, Cloud_manager, Agile_engineering_data_management, Agile_plm, Agile_plm_mcad_connector, Autovue_for_agile_product_lifecycle_management, Banking_deposits_and_lines_of_credit_servicing, Banking_enterprise_default_management, Banking_loans_servicing, Banking_party_management, Banking_payments, Banking_platform, Banking_trade_finance, Banking_treasury_management, Business_intelligence, Communications_asap, Communications_billing_and_revenue_management, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_convergence, Communications_convergent_charging_controller, Communications_diameter_signaling_router, Communications_eagle_element_management_system, Communications_eagle_ftp_table_base_retrieval, Communications_element_manager, Communications_evolved_communications_application_server, Communications_interactive_session_recorder, Communications_ip_service_activator, Communications_messaging_server, Communications_network_charging_and_control, Communications_network_integrity, Communications_performance_intelligence_center, Communications_pricing_design_center, Communications_service_broker, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Communications_user_data_repository, Communications_webrtc_session_controller, Data_integrator, E\-Business_suite, Enterprise_manager_base_platform, Enterprise_manager_for_peoplesoft, Enterprise_manager_ops_center, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Flexcube_universal_banking, Health_sciences_empirica_signal, Health_sciences_inform, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_master_person_index, Healthcare_translational_research, Hospitality_suite8, Hospitality_token_proxy_service, Hyperion_bi\+, Hyperion_data_relationship_management, Hyperion_infrastructure_technology, Hyperion_planning, Hyperion_profitability_and_cost_management, Hyperion_tax_provision, Identity_management_suite, Identity_manager_connector, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Jdeveloper, Managed_file_transfer, Management_cloud_engine, Mysql_enterprise_monitor, Payment_interface, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_data_extractor_for_merchandising, Retail_eftlink, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_store_inventory_management, Siebel_ui_framework, Sql_developer, Taleo_platform, Utilities_framework, Webcenter_portal, Webcenter_sites, Weblogic_server, 6bk1602\-0aa12\-0tp0_firmware, 6bk1602\-0aa22\-0tp0_firmware, 6bk1602\-0aa32\-0tp0_firmware, 6bk1602\-0aa42\-0tp0_firmware, 6bk1602\-0aa52\-0tp0_firmware, Email_security, Network_security_manager, Web_application_firewall
|
5.9
|
|
|
2019-07-23
|
CVE-2019-10173
|
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)
|
Banking_platform, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_diameter_signaling_router, Communications_unified_inventory_management, Endeca_information_discovery_studio, Retail_xstore_point_of_service, Utilities_framework, Webcenter_portal, Xstream
|
9.8
|
|
|
2020-05-14
|
CVE-2020-11973
|
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
|
Camel, Communications_diameter_signaling_router, Enterprise_manager_base_platform, Flexcube_private_banking
|
9.8
|
|
|
2020-12-17
|
CVE-2020-35490
|
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
|
Debian_linux, Jackson\-Databind, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_platform, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_router, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Documaker, Insurance_policy_administration_j2ee, Retail_merchandising_system, Retail_xstore_point_of_service, Webcenter_portal
|
8.1
|
|
|