Filtered by vendor Oracle
Subscribe
Filtered by product Financial Services Analytical Applications Infrastructure
Subscribe
Total
76 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-45105 | 5 Apache, Debian, Netapp and 2 more | 44 Log4j, Debian Linux, Cloud Manager and 41 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | |||||
CVE-2021-37695 | 4 Ckeditor, Debian, Fedoraproject and 1 more | 12 Ckeditor, Debian Linux, Fedora and 9 more | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2. | |||||
CVE-2021-2140 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rules Framework). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
CVE-2021-32809 | 3 Ckeditor, Fedoraproject, Oracle | 10 Ckeditor, Fedora, Application Express and 7 more | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2. | |||||
CVE-2021-22118 | 3 Netapp, Oracle, Vmware | 32 Hci, Management Services For Element Software, Commerce Guided Search and 29 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | |||||
CVE-2021-29425 | 4 Apache, Debian, Netapp and 1 more | 60 Commons Io, Debian Linux, Active Iq Unified Manager and 57 more | 2024-02-04 | 5.8 MEDIUM | 4.8 MEDIUM |
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | |||||
CVE-2021-36090 | 3 Apache, Netapp, Oracle | 34 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 31 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. | |||||
CVE-2021-32808 | 3 Ckeditor, Fedoraproject, Oracle | 13 Ckeditor, Fedora, Application Express and 10 more | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2. | |||||
CVE-2021-26291 | 3 Apache, Oracle, Quarkus | 4 Maven, Financial Services Analytical Applications Infrastructure, Goldengate Big Data And Application Adapters and 1 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html | |||||
CVE-2021-36374 | 2 Apache, Oracle | 36 Ant, Agile Engineering Data Management, Agile Plm and 33 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. | |||||
CVE-2021-36373 | 2 Apache, Oracle | 32 Ant, Agile Plm, Banking Trade Finance and 29 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected. | |||||
CVE-2019-17566 | 2 Apache, Oracle | 18 Batik, Api Gateway, Business Intelligence and 15 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. | |||||
CVE-2020-5421 | 3 Netapp, Oracle, Vmware | 38 Oncommand Insight, Snap Creator Framework, Snapcenter and 35 more | 2024-02-04 | 3.6 LOW | 6.5 MEDIUM |
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | |||||
CVE-2021-26272 | 2 Ckeditor, Oracle | 10 Ckeditor, Agile Plm, Application Express and 7 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). | |||||
CVE-2020-27193 | 2 Ckeditor, Oracle | 9 Ckeditor, Agile Plm, Application Express and 6 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. | |||||
CVE-2021-26271 | 2 Ckeditor, Oracle | 7 Ckeditor, Agile Plm, Application Express and 4 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). | |||||
CVE-2020-14824 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2024-02-04 | 7.8 HIGH | 8.6 HIGH |
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). | |||||
CVE-2020-11979 | 4 Apache, Fedoraproject, Gradle and 1 more | 37 Ant, Fedora, Gradle and 34 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. | |||||
CVE-2020-14605 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). | |||||
CVE-2020-14604 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). |