|
2021-07-21
|
CVE-2021-2351
|
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products....
|
Advanced_networking_option, Agile_engineering_data_management, Agile_plm, Agile_product_lifecycle_management_for_process, Airlines_data_model, Application_performance_management, Application_testing_suite, Argus_analytics, Argus_insight, Argus_mart, Argus_safety, Banking_apis, Banking_digital_experience, Banking_enterprise_default_management, Banking_platform, Big_data_spatial_and_graph, Blockchain_platform, Clinical, Commerce_platform, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_calendar_server, Communications_contacts_server, Communications_convergent_charging_controller, Communications_data_model, Communications_design_studio, Communications_diameter_intelligence_hub, Communications_ip_service_activator, Communications_metasolv_solution, Communications_network_charging_and_control, Communications_network_integrity, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Data_integrator, Demantra_demand_management, Documaker, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Financial_services_foreign_account_tax_compliance_act_management, Financial_services_model_management_and_governance, Financial_services_trade\-Based_anti_money_laundering, Flexcube_investor_servicing, Flexcube_private_banking, Fusion_middleware, Goldengate, Goldengate_application_adapters, Graph_server_and_client, Health_sciences_clinical_development_analytics, Health_sciences_inform_crf_submit, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_translational_research, Hospitality_inventory_management, Hospitality_opera_5, Hospitality_reporting_and_analytics, Hospitality_suite8, Hyperion_infrastructure_technology, Ilearning, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_tools, Oss_support_tools, Peoplesoft_enterprise_peopletools, Policy_automation, Primavera_analytics, Primavera_data_warehouse, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_p6_professional_project_management, Primavera_unifier, Product_lifecycle_analytics, Rapid_planning, Real_user_experience_insight, Retail_analytics, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_store_inventory_management, Retail_xstore_point_of_service, Siebel_ui_framework, Spatial_studio, Storagetek_acsls, Storagetek_tape_analytics, Thesaurus_management_system, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator, Weblogic_server, Zfs_storage_application_integration_engineering_software
|
N/A
|
|
|
|
2021-09-19
|
CVE-2021-40690
|
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
|
Cxf, Santuario_xml_security_for_java, Tomee, Debian_linux, Agile_plm, Commerce_guided_search, Commerce_platform, Communications_diameter_intelligence_hub, Communications_messaging_server, Flexcube_private_banking, Outside_in_technology, Peoplesoft_enterprise_peopletools, Retail_bulk_data_integration, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_service_backbone, Weblogic_server
|
7.5
|
|
|
|
2021-12-18
|
CVE-2021-45105
|
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
|
Log4j, Debian_linux, Cloud_manager, Agile_engineering_data_management, Agile_plm, Agile_plm_mcad_connector, Autovue_for_agile_product_lifecycle_management, Banking_deposits_and_lines_of_credit_servicing, Banking_enterprise_default_management, Banking_loans_servicing, Banking_party_management, Banking_payments, Banking_platform, Banking_trade_finance, Banking_treasury_management, Business_intelligence, Communications_asap, Communications_billing_and_revenue_management, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_convergence, Communications_convergent_charging_controller, Communications_diameter_signaling_router, Communications_eagle_element_management_system, Communications_eagle_ftp_table_base_retrieval, Communications_element_manager, Communications_evolved_communications_application_server, Communications_interactive_session_recorder, Communications_ip_service_activator, Communications_messaging_server, Communications_network_charging_and_control, Communications_network_integrity, Communications_performance_intelligence_center, Communications_pricing_design_center, Communications_service_broker, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Communications_user_data_repository, Communications_webrtc_session_controller, Data_integrator, E\-Business_suite, Enterprise_manager_base_platform, Enterprise_manager_for_peoplesoft, Enterprise_manager_ops_center, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Flexcube_universal_banking, Health_sciences_empirica_signal, Health_sciences_inform, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_master_person_index, Healthcare_translational_research, Hospitality_suite8, Hospitality_token_proxy_service, Hyperion_bi\+, Hyperion_data_relationship_management, Hyperion_infrastructure_technology, Hyperion_planning, Hyperion_profitability_and_cost_management, Hyperion_tax_provision, Identity_management_suite, Identity_manager_connector, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Jdeveloper, Managed_file_transfer, Management_cloud_engine, Mysql_enterprise_monitor, Payment_interface, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_data_extractor_for_merchandising, Retail_eftlink, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_store_inventory_management, Siebel_ui_framework, Sql_developer, Taleo_platform, Utilities_framework, Webcenter_portal, Webcenter_sites, Weblogic_server, 6bk1602\-0aa12\-0tp0_firmware, 6bk1602\-0aa22\-0tp0_firmware, 6bk1602\-0aa32\-0tp0_firmware, 6bk1602\-0aa42\-0tp0_firmware, 6bk1602\-0aa52\-0tp0_firmware, Email_security, Network_security_manager, Web_application_firewall
|
5.9
|
|
|
|
2022-01-24
|
CVE-2022-23437
|
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
|
Xerces\-J, Active_iq_unified_manager, Agile_engineering_data_management, Agile_plm, Banking_deposits_and_lines_of_credit_servicing, Banking_party_management, Communications_asap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_crime_and_compliance_management_studio, Financial_services_enterprise_case_management, Flexcube_universal_banking, Global_lifecycle_management_nextgen_oui_framework, Global_lifecycle_management_opatch, Health_sciences_information_manager, Ilearning, Peoplesoft_enterprise_peopletools, Primavera_gateway, Product_lifecycle_analytics, Retail_bulk_data_integration, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_service_backbone, Weblogic_server
|
6.5
|
|
|
|
2022-04-01
|
CVE-2022-22965
|
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
|
Cx_cloud_agent, Commerce_platform, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_policy_management, Communications_unified_inventory_management, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Mysql_enterprise_monitor, Product_lifecycle_analytics, Retail_bulk_data_integration, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_xstore_point_of_service, Sd\-Wan_edge, Weblogic_server, Operation_scheduler, Simatic_speech_assistant_for_machines, Sinec_network_management_system, Sipass_integrated, Siveillance_identity, Access_appliance, Flex_appliance, Netbackup_appliance, Netbackup_flex_scale_appliance, Netbackup_virtual_appliance, Spring_framework
|
9.8
|
|
|
|
2019-07-26
|
CVE-2019-13990
|
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
|
Tomee, Jira_service_management, Active_iq_unified_manager, Cloud_secure_agent, Apache_batik_mapviewer, Banking_enterprise_originations, Banking_enterprise_product_manufacturing, Banking_payments, Communications_ip_service_activator, Communications_session_route_manager, Customer_management_and_segmentation_foundation, Documaker, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Flexcube_investor_servicing, Flexcube_private_banking, Fusion_middleware_mapviewer, Google_guava_mapviewer, Hyperion_infrastructure_technology, Jd_edwards_enterpriseone_orchestrator, Primavera_unifier, Retail_back_office, Retail_central_office, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_returns_management, Retail_xstore_point_of_service, Terracotta_quartz_scheduler_mapviewer, Webcenter_sites, Quartz
|
9.8
|
|
|
|
2018-05-24
|
CVE-2018-8013
|
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
|
Batik, Ubuntu_linux, Debian_linux, Business_intelligence, Communications_diameter_signaling_router, Communications_metasolv_solution, Communications_webrtc_session_controller, Data_integrator, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Fusion_middleware_mapviewer, Instantis_enterprisetrack, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Jd_edwards_enterpriseone_tools, Retail_back_office, Retail_central_office, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_returns_management
|
9.8
|
|
|
|
2020-11-12
|
CVE-2019-17566
|
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
|
Batik, Api_gateway, Business_intelligence, Communications_application_session_controller, Communications_metasolv_solution, Communications_offline_mediation_controller, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Fusion_middleware_mapviewer, Hospitality_opera_5, Hyperion_financial_reporting, Instantis_enterprisetrack, Jd_edwards_enterpriseone_tools, Retail_integration_bus, Retail_order_broker, Retail_order_management_system_cloud_service, Retail_point\-Of\-Service, Retail_returns_management
|
7.5
|
|
|
|
2017-04-17
|
CVE-2017-5645
|
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
|
Log4j, Oncommand_api_services, Oncommand_insight, Oncommand_workflow_automation, Service_level_manager, Snapcenter, Storage_automation_store, Api_gateway, Application_testing_suite, Autovue_vuelink_integration, Banking_platform, Bi_publisher, Communications_converged_application_server_\-_service_controller, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_network_integrity, Communications_online_mediation_controller, Communications_pricing_design_center, Communications_service_broker, Communications_webrtc_session_controller, Configuration_manager, Endeca_information_discovery_studio, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Enterprise_manager_for_mysql_database, Enterprise_manager_for_oracle_database, Enterprise_manager_for_peoplesoft, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_lending_and_leasing, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_profitability_management, Financial_services_regulatory_reporting_with_agilereporter, Flexcube_investor_servicing, Fusion_middleware_mapviewer, Goldengate, Goldengate_application_adapters, Identity_analytics, Identity_management_suite, Identity_manager_connector, In\-Memory_performance\-Driven_planning, Instantis_enterprisetrack, Insurance_calculation_engine, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_tools, Jdeveloper, Mysql_enterprise_monitor, Peoplesoft_enterprise_fin_install, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Primavera_gateway, Rapid_planning, Retail_advanced_inventory_planning, Retail_clearance_optimization_engine, Retail_extract_transform_and_load, Retail_integration_bus, Retail_open_commerce_platform, Retail_predictive_application_server, Retail_service_backbone, Siebel_ui_framework, Soa_suite, Tape_library_acsls, Timesten_in\-Memory_database, Utilities_advanced_spatial_and_operational_analytics, Utilities_work_and_asset_management, Weblogic_server, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Fuse
|
9.8
|
|
|
|
2018-04-06
|
CVE-2018-1270
|
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
|
Debian_linux, Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_services_gatekeeper, Enterprise_manager_ops_center, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_rules_palette, Primavera_gateway, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_integration_bus, Retail_open_commerce_platform, Retail_order_broker, Retail_point\-Of\-Sale, Retail_predictive_application_server, Retail_returns_management, Retail_xstore_point_of_service, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Fuse, Spring_framework
|
9.8
|
|
|