Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Oracle Subscribe
Filtered by product Communications Session Report Manager
Total 68 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-5421 3 Netapp, Oracle, Vmware 38 Oncommand Insight, Snap Creator Framework, Snapcenter and 35 more 2023-03-01 3.6 LOW 6.5 MEDIUM
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
CVE-2021-36090 3 Apache, Netapp, Oracle 34 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 31 more 2023-02-28 5.0 MEDIUM 7.5 HIGH
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
CVE-2020-11023 7 Debian, Drupal, Fedoraproject and 4 more 55 Debian Linux, Drupal, Fedora and 52 more 2023-02-02 4.3 MEDIUM 6.1 MEDIUM
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-28052 3 Apache, Bouncycastle, Oracle 20 Karaf, Legion-of-the-bouncy-castle-java-crytography-api, Banking Corporate Lending Process Management and 17 more 2023-02-02 6.8 MEDIUM 8.1 HIGH
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
CVE-2022-23437 3 Apache, Netapp, Oracle 29 Xerces-j, Active Iq Unified Manager, Agile Engineering Data Management and 26 more 2022-12-06 7.1 HIGH 6.5 MEDIUM
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
CVE-2021-44224 6 Apache, Apple, Debian and 3 more 12 Http Server, Mac Os X, Macos and 9 more 2022-11-02 6.4 MEDIUM 8.2 HIGH
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
CVE-2021-44790 7 Apache, Apple, Debian and 4 more 14 Http Server, Mac Os X, Macos and 11 more 2022-11-02 7.5 HIGH 9.8 CRITICAL
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
CVE-2021-33037 4 Apache, Debian, Mcafee and 1 more 22 Tomcat, Tomee, Debian Linux and 19 more 2022-10-26 5.0 MEDIUM 5.3 MEDIUM
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
CVE-2021-22118 3 Netapp, Oracle, Vmware 32 Hci, Management Services For Element Software, Commerce Guided Search and 29 more 2022-10-25 4.6 MEDIUM 7.8 HIGH
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
CVE-2020-9490 7 Apache, Canonical, Debian and 4 more 25 Http Server, Ubuntu Linux, Debian Linux and 22 more 2022-10-07 5.0 MEDIUM 7.5 HIGH
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
CVE-2021-2351 1 Oracle 110 Advanced Networking Option, Agile Engineering Data Management, Agile Plm and 107 more 2022-10-06 5.1 MEDIUM 8.3 HIGH
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVE-2021-45105 5 Apache, Debian, Netapp and 2 more 121 Log4j, Debian Linux, Cloud Manager and 118 more 2022-10-06 4.3 MEDIUM 5.9 MEDIUM
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CVE-2020-1941 2 Apache, Oracle 7 Activemq, Communications Diameter Signaling Router, Communications Element Manager and 4 more 2022-10-05 4.3 MEDIUM 6.1 MEDIUM
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
CVE-2019-0197 6 Apache, Canonical, Fedoraproject and 3 more 12 Http Server, Ubuntu Linux, Fedora and 9 more 2022-09-07 4.9 MEDIUM 4.2 MEDIUM
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.
CVE-2021-27807 3 Apache, Fedoraproject, Oracle 15 Pdfbox, Fedora, Banking Trade Finance Process Management and 12 more 2022-09-02 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVE-2021-27906 3 Apache, Fedoraproject, Oracle 19 Pdfbox, Fedora, Banking Corporate Lending Process Management and 16 more 2022-09-02 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVE-2020-36180 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2022-09-02 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36179 4 Debian, Fasterxml, Netapp and 1 more 43 Debian Linux, Jackson-databind, Cloud Backup and 40 more 2022-09-02 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36188 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2022-09-02 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CVE-2020-36186 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2022-09-02 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.