Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Timesten_in\-Memory_database
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 28 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-14 | CVE-2021-36374 | When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. | Ant, Agile_engineering_data_management, Agile_plm, Banking_trade_finance, Banking_treasury_management, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_diameter_intelligence_hub, Communications_order_and_service_management, Communications_unified_inventory_management, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Health_sciences_information_manager, Insurance_policy_administration, Primavera_gateway, Primavera_unifier, Product_lifecycle_analytics, Real\-Time_decision_server, Retail_advanced_inventory_planning, Retail_back_office, Retail_bulk_data_integration, Retail_central_office, Retail_eftlink, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_service_backbone, Retail_store_inventory_management, Retail_xstore_point_of_service, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator | 5.5 | ||
| 2021-07-15 | CVE-2021-34558 | The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | Fedora, Go, Cloud_insights_telegraf, Storagegrid, Trident, Timesten_in\-Memory_database | 6.5 | ||
| 2021-08-07 | CVE-2021-29923 | Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. | Fedora, Go, Timesten_in\-Memory_database | 7.5 | ||
| 2021-08-08 | CVE-2021-36221 | Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | Debian_linux, Fedora, Go, Timesten_in\-Memory_database, Scalance_lpe9403_firmware | 5.9 | ||
| 2021-11-08 | CVE-2021-41772 | Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. | Fedora, Go, Timesten_in\-Memory_database | 7.5 | ||
| 2019-05-09 | CVE-2019-11834 | cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. | Cjson, Timesten_in\-Memory_database | 9.8 | ||
| 2019-05-09 | CVE-2019-11835 | cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. | Cjson, Timesten_in\-Memory_database | 9.8 | ||
| 2019-07-19 | CVE-2019-1010239 | DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later. | Cjson, Timesten_in\-Memory_database | 7.5 | ||
| 2018-08-31 | CVE-2018-11054 | RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. | Bsafe, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Real_user_experience_insight, Retail_predictive_application_server, Security_service, Timesten_in\-Memory_database | 7.5 | ||
| 2018-08-31 | CVE-2018-11055 | RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection. | Bsafe, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Real_user_experience_insight, Retail_predictive_application_server, Security_service, Timesten_in\-Memory_database | 5.5 |