Latest oracle blockchain platform Vulnerabilities

CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unau...
Oracle Advanced Networking Option=12.1.0.2
Oracle Advanced Networking Option=12.2.0.1
Oracle Advanced Networking Option=19c
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile PLM=9.3.6
Oracle Agile Product Lifecycle Management for Process=6.2.2.0
and 242 more
CVE-2021-23017
A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting th...
F5 Nginx>=0.6.18<1.20.1
Openresty Openresty<1.19.3.2
Fedoraproject Fedora=33
Fedoraproject Fedora=34
NetApp ONTAP Select Deploy administration utility
Oracle Blockchain Platform<21.1.2
and 27 more
CVE-2021-29425
Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-cra...
redhat/eap7-apache-commons-io<0:2.10.0-1.redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.16-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.20-4.SP2_redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.4.35-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-2.redhat_00006.1.el6ea
redhat/eap7-jberet<0:1.3.9-1.Final_redhat_00001.1.el6ea
and 185 more
CVE-2020-36183
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.00<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0.<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
and 72 more
CVE-2020-36181
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 71 more
CVE-2020-36180
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
and 72 more
CVE-2020-36179
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
and 65 more
CVE-2020-36182
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
and 72 more
CVE-2020-36185
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-36184
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 71 more
CVE-2020-35728
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka em...
IBM Disconnected Log Collector<=v1.0 - v1.8.2
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.7
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.9.0<2.9.10.8
Debian Debian Linux=9.0
NetApp Service Level Manager
and 62 more
CVE-2020-36188
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
and 73 more
CVE-2020-36189
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
and 65 more
CVE-2020-36186
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-36187
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-28052
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect pass...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api=1.65
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api=1.66
Apache Karaf=4.3.2
Oracle Banking Corporate Lending Process Management=14.2.0
Oracle Banking Corporate Lending Process Management=14.3.0
Oracle Banking Corporate Lending Process Management=14.5.0
and 81 more
CVE-2020-35490
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
IBM Security Verify Governance<=10.0
redhat/jackson-databind<2.9.10.8
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.7
FasterXML jackson-databind>=2.0.0<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
and 35 more
CVE-2020-35491
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
IBM Security Verify Governance<=10.0
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 35 more
CVE-2020-17527
Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an issue when the HTTP request header value can be reused from the previous stream received on an HTTP/2 connecti...
redhat/jws5-tomcat<0:9.0.36-9.redhat_8.1.el7
redhat/jws5-tomcat-native<0:1.2.25-3.redhat_3.el7
redhat/jws5-tomcat<0:9.0.36-9.redhat_8.1.el8
redhat/jws5-tomcat-native<0:1.2.25-3.redhat_3.el8
redhat/tomcat<10.0.0
redhat/tomcat<9.0.40
and 65 more
CVE-2020-27218
### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received en...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
redhat/jetty<9.4.35.
redhat/jetty<10.0.0.
redhat/jetty<11.0.0.
and 31 more
CVE-2020-8277
Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit this vulnerability to trigger a DNS reques...
IBM Cloud Pak for Security (CP4S)<=1.6.0.1
IBM Cloud Pak for Security (CP4S)<=1.6.0.0
IBM Cloud Pak for Security (CP4S)<=1.5.0.1
IBM Cloud Pak for Security (CP4S)<=1.5.0.0
IBM Cloud Pak for Security (CP4S)<=1.4.0.0
Nodejs Node.js>=12.16.3<12.19.1
and 17 more
CVE-2020-24750
FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.Jn...
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.6
Oracle Agile PLM=9.3.6
Oracle Application Testing Suite=13.3.0.1
Oracle Autovue For Agile Product Lifecycle Management=21.0.2
Oracle Banking Corporate Lending Process Management=14.2.0
and 36 more
CVE-2020-24616
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.5
IBM ISAM<=9.0.7
IBM Security Verify Access<=10.0.0
FasterXML jackson-databind>=2.0.0<2.9.10.6
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
and 30 more
CVE-2020-15719
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectA...
Openldap Openldap<2.4.46-10.el8
Redhat Enterprise Linux=8.0
openSUSE Leap=15.1
openSUSE Leap=15.2
McAfee Policy Auditor<6.5.1
Oracle Blockchain Platform<21.1.2
CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could tr...
redhat/tomcat<0:7.0.76-15.el7
redhat/jbossweb<0:7.5.31-2.Final_redhat_2.1.ep6.el5
redhat/jbossweb<0:7.5.31-2.Final_redhat_2.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
redhat/jbossas-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
redhat/jbossas-bundles<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 220 more
CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
redhat/nodejs<12.18.0
redhat/nodejs<14.4.0
redhat/rh-nodejs12-nodejs<0:12.18.2-1.el7
debian/nodejs
Nodejs Node.js>=12.0.0<12.18.0
Nodejs Node.js>=14.0.0<14.4.0
and 10 more
CVE-2020-11080
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a ...
debian/nodejs<=10.20.1~dfsg-1<=10.19.0~dfsg1-1
Nghttp2 Nghttp2<1.41.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
openSUSE Leap=15.1
Fedoraproject Fedora=31
and 36 more
CVE-2020-8174
A flaw was found in nodejs. Calling napi_get_value_string_latin1(), napi_get_value_string_utf8(), or napi_get_value_string_utf16() with a non-NULL buf, and a bufsize of 0 will cause the entire string...
redhat/rh-nodejs12-nodejs<0:12.18.2-1.el7
redhat/rh-nodejs10-nodejs<0:10.21.0-3.el7
redhat/nodejs<10.21.0
redhat/nodejs<12.18.0
redhat/nodejs<14.4.0
ubuntu/nodejs<8.10.0~dfsg-2ubuntu0.4+
and 23 more
CVE-2020-8203
A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to...
redhat/kiali<0:v1.12.10.redhat2-1.el7
redhat/ior<0:1.1.6-1.el8
redhat/servicemesh<0:1.1.6-1.el8
redhat/servicemesh-cni<0:1.1.6-1.el8
redhat/servicemesh-grafana<0:6.4.3-13.el8
redhat/servicemesh-operator<0:1.1.6-2.el8
and 54 more
CVE-2020-11022
### Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patch...
rubygems/jquery-rails<4.4.0
maven/org.webjars.npm:jquery>=1.2.0<3.5.0
nuget/jquery>=1.2.0<3.5.0
npm/jquery>=1.2.0<3.5.0
redhat/qpid-dispatch<0:1.13.0-3.el6_10
redhat/qpid-dispatch<0:1.13.0-3.el7
and 164 more
CVE-2020-5245
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Lang...
Dropwizard Dropwizard Validation<1.3.19
Dropwizard Dropwizard Validation>=2.0.0<2.0.2
Oracle Blockchain Platform<21.1.2
CVE-2019-12399
Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a flaw in the Connect REST API. By sending specially crafted request, a remote attacker could exploit this vulnera...
IBM Initial Release<=2.0
IBM Initial Release<=2.0
IBM Security Guardium Insights<=2.0.1
redhat/kafka<2.0.2
redhat/kafka<2.1.2
redhat/kafka<2.2.2
and 28 more
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind which did not have entity expansion secured properly making it vulnerable to XML external entity (XXE). This vulnerability is similar to <a href="https:...
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00002.1.el6ea
redhat/eap7-activemq-artemis<0:2.9.0-6.redhat_00016.1.el6ea
redhat/eap7-fge-btf<0:1.2.0-1.redhat_00007.1.el6ea
redhat/eap7-fge-msg-simple<0:1.1.0-1.redhat_00007.1.el6ea
redhat/eap7-hal-console<0:3.2.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.21-1.Final_redhat_00001.1.el6ea
and 147 more
CVE-2019-10086
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Jav...
redhat/apache-commons-beanutils<0:1.8.3-15.el7_7
redhat/eap7-activemq-artemis<0:2.9.0-2.redhat_00009.1.el6ea
redhat/eap7-apache-commons-beanutils<0:1.9.4-1.redhat_00002.1.el6ea
redhat/eap7-glassfish-el<0:3.0.1-4.b08_redhat_00003.1.el6ea
redhat/eap7-glassfish-jaxb<0:2.3.3-4.b02_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-7.SP3_redhat_00005.1.el6ea
and 486 more
CVE-2019-13057
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g.,...
Apple macOS Catalina<10.15.2
Apple Mojave
Apple High Sierra
Openldap Openldap<2.4.48
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=14.04
and 32 more
CVE-2019-13565
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain...
Apple macOS Catalina<10.15.2
Apple Mojave
Apple High Sierra
ubuntu/openldap<2.4.45+dfsg-1ubuntu1.3
ubuntu/openldap<2.4.47+dfsg-3ubuntu2.1
ubuntu/openldap<2.4.31-1+
and 32 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203