Filtered by vendor Oracle Subscriptions
Filtered by product Flexcube Private Banking Subscriptions
Total 75 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-11979 5 Apache, Fedoraproject, Gradle and 2 more 38 Ant, Fedora, Gradle and 35 more 2024-08-04 7.5 High
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
CVE-2020-11972 3 Apache, Oracle, Redhat 5 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 2 more 2024-08-04 9.8 Critical
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVE-2020-11973 3 Apache, Oracle, Redhat 5 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 2 more 2024-08-04 9.8 Critical
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVE-2020-11971 3 Apache, Oracle, Redhat 6 Camel, Communications Diameter Intelligence Hub, Communications Diameter Signaling Router and 3 more 2024-08-04 7.5 High
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
CVE-2020-9489 3 Apache, Oracle, Redhat 6 Tika, Communications Messaging Server, Flexcube Private Banking and 3 more 2024-08-04 5.5 Medium
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.
CVE-2020-9488 5 Apache, Debian, Oracle and 2 more 53 Log4j, Debian Linux, Communications Application Session Controller and 50 more 2024-08-04 3.7 Low
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
CVE-2020-1950 5 Apache, Canonical, Debian and 2 more 7 Tika, Ubuntu Linux, Debian Linux and 4 more 2024-08-04 5.5 Medium
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
CVE-2020-1951 4 Apache, Canonical, Debian and 1 more 6 Tika, Ubuntu Linux, Debian Linux and 3 more 2024-08-04 5.5 Medium
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
CVE-2020-1945 6 Apache, Canonical, Fedoraproject and 3 more 54 Ant, Ubuntu Linux, Fedora and 51 more 2024-08-04 6.3 Medium
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
CVE-2020-1941 2 Apache, Oracle 7 Activemq, Communications Diameter Signaling Router, Communications Element Manager and 4 more 2024-08-04 6.1 Medium
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
CVE-2021-44832 6 Apache, Cisco, Debian and 3 more 31 Log4j, Cloudcenter, Debian Linux and 28 more 2024-08-04 6.6 Medium
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
CVE-2021-43859 5 Debian, Fedoraproject, Oracle and 2 more 13 Debian Linux, Fedora, Commerce Guided Search and 10 more 2024-08-04 7.5 High
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.
CVE-2021-40690 4 Apache, Debian, Oracle and 1 more 26 Cxf, Santuario Xml Security For Java, Tomee and 23 more 2024-08-04 7.5 High
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
CVE-2021-26117 5 Apache, Debian, Netapp and 2 more 10 Activemq, Activemq Artemis, Debian Linux and 7 more 2024-08-03 7.5 High
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.
CVE-2021-2351 1 Oracle 111 Advanced Networking Option, Agile Engineering Data Management, Agile Plm and 108 more 2024-08-03 8.3 High
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).