Latest Oracle Communications BRM - Elastic Charging Engine Vulnerabilities

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU ...
redhat/jenkins<0:2.319.3.1650348949-1.el7
redhat/xstream<1.4.19
Xstream Project Xstream<1.4.19
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 13 more
Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appe...
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
Apache Log4j=2.0-beta9
Apache Log4j=2.15.0
Apache Log4j=2.17.0
Apache Log4j=1.2.x
and 58 more
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful...
maven/org.apache.kafka:kafka-clients=2.8.0
maven/org.apache.kafka:kafka-clients>=2.7.0<2.7.2
maven/org.apache.kafka:kafka-clients>=2.0.0<2.6.3
maven/org.apache.kafka:kafka_2.13=2.8.0
maven/org.apache.kafka:kafka_2.13>=2.7.0<2.7.2
maven/org.apache.kafka:kafka_2.13>=2.4.0<2.6.3
and 26 more
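The Kafka entry above turns on how a secret is compared, so here is a worked illustration of the early-exit comparison beside two constant-time alternatives. This is an added example written for this page, not Kafka's own code; the byte strings are constructed sample credentials.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class ConstantTimeCompare {

    // Vulnerable pattern: Arrays.equals returns at the first mismatching byte, so the
    // time taken leaks how many leading bytes of the guess were correct. An attacker
    // who can measure that can recover the secret one byte at a time instead of
    // brute-forcing the whole value.
    public static boolean equalsEarlyExit(byte[] expected, byte[] supplied) {
        return Arrays.equals(expected, supplied);
    }

    // Hardened pattern: touch every byte and accumulate differences with OR, so the
    // running time depends on the length only, never on where the first mismatch is.
    public static boolean equalsConstantTime(byte[] expected, byte[] supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        // A length mismatch is still observable; compare fixed-length values
        // (e.g. a MAC or hash of the password) when the length itself is sensitive.
        int diff = expected.length ^ supplied.length;
        int n = Math.min(expected.length, supplied.length);
        for (int i = 0; i < n; i++) {
            diff |= expected[i] ^ supplied[i];
        }
        return diff == 0;
    }

    // The JDK already ships a constant-time comparison; in most code bases the fix is
    // simply to swap Arrays.equals for this call.
    public static boolean equalsJdk(byte[] expected, byte[] supplied) {
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) {
        // Constructed sample credentials for the demonstration.
        byte[] stored = "s3cret-token".getBytes(StandardCharsets.UTF_8);
        byte[] nearMiss = "s3cret-tokex".getBytes(StandardCharsets.UTF_8);
        byte[] farMiss = "xxxxxxxxxxxx".getBytes(StandardCharsets.UTF_8);

        // Both guesses are wrong; only the first variant's timing distinguishes them.
        System.out.println("early-exit near miss: " + equalsEarlyExit(stored, nearMiss));
        System.out.println("early-exit far miss:  " + equalsEarlyExit(stored, farMiss));
        System.out.println("constant-time near:   " + equalsConstantTime(stored, nearMiss));
        System.out.println("constant-time far:    " + equalsConstantTime(stored, farMiss));
        System.out.println("jdk, correct value:   " + equalsJdk(stored, stored));
    }
}
```

The loop form is shown so the reason it works is visible; in production code prefer `MessageDigest.isEqual`, and compare digests of fixed length when the secret's length must not leak either.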
The Snappy frame decoder function doesn't restrict the chunk length, which may lead to excessive memory usage. Besides this, it may also buffer reserved skippable chunks until the whole chunk ...
redhat/eap7-netty<0:4.1.72-4.Final_redhat_00001.1.el8ea
redhat/eap7-netty<0:4.1.72-4.Final_redhat_00001.1.el7ea
redhat/candlepin<0:4.1.15-1.el8
maven/io.netty:netty<4.0.0
maven/org.jboss.netty:netty<4.0.0
maven/io.netty:netty-codec>=4.0.0<4.1.68.Final
and 61 more
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users o...
maven/io.netty:netty<4.0.0
maven/org.jboss.netty:netty<4.0.0
maven/io.netty:netty-codec<4.1.68.Final
Netty Netty<4.1.68
Quarkus Quarkus<2.2.4
Oracle Banking Apis>=18.1<=18.3
and 44 more
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a...
maven/org.springframework:spring-web>=5.3.0<=5.3.6
maven/org.springframework:spring-web>=5.2.0<=5.2.14
IBM DRM<=2.0.6
redhat/spring-framework<5.3.7
redhat/spring-framework<5.2.15
VMware Spring Framework>=5.2.0<5.2.15
and 48 more
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker with sufficient rights to execute commands of the...
redhat/xstream<0:1.3.1-14.el7_9
debian/libxstream-java
redhat/xstream<1.4.17
Xstream Project Xstream<1.4.17
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 37 more
The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with endStream set to true. This could lead to request smuggling if the request...
maven/io.netty:netty<4.0.0
maven/org.jboss.netty:netty<4.0.0
maven/io.netty:netty-codec-http2>=4.0.0<4.1.61.Final
redhat/qpid-proton<0:0.33.0-6.el7_9
redhat/qpid-proton<0:0.33.0-8.el8
redhat/eap7-elytron-web<0:1.6.3-1.Final_redhat_00001.1.el6ea
and 75 more
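To make the check behind the HTTP/2 entry concrete, here is a small per-stream validator that refuses a HEADERS frame carrying END_STREAM together with a positive content-length, and that also reconciles declared and received body lengths across DATA frames. This is an added example for this page, not Netty's decoder; the frame callbacks, the header map and the sample request are assumptions constructed for the illustration.

```java
import java.util.Map;

/** Tracks one HTTP/2 stream's declared versus received body length. */
public class Http2ContentLengthCheck {

    private long declared = -1;    // -1 means no content-length header was sent
    private long received = 0;
    private boolean ended = false;

    /** Called for the HEADERS frame that opens the stream (names are lowercase in HTTP/2). */
    public void onHeaders(Map<String, String> headers, boolean endStream) {
        String cl = headers.get("content-length");
        if (cl != null) {
            try {
                declared = Long.parseLong(cl.trim());
            } catch (NumberFormatException e) {
                throw new IllegalStateException("malformed content-length: " + cl);
            }
            if (declared < 0) {
                throw new IllegalStateException("negative content-length");
            }
        }
        if (endStream) {
            // No DATA frames can follow, so a positive content-length claims a body that
            // does not exist. A front end that forwards the header unchanged would leave a
            // downstream HTTP/1.1 parser waiting for, or consuming, bytes of the next
            // request: the request-smuggling condition the advisory describes.
            if (declared > 0) {
                throw new IllegalStateException(
                        "END_STREAM on HEADERS but content-length=" + declared);
            }
            ended = true;
        }
    }

    /** Called for each DATA frame on the stream. */
    public void onData(int length, boolean endStream) {
        if (ended) {
            throw new IllegalStateException("DATA after END_STREAM");
        }
        received += length;
        if (declared >= 0 && received > declared) {
            throw new IllegalStateException("body exceeds content-length");
        }
        if (endStream) {
            if (declared >= 0 && received != declared) {
                throw new IllegalStateException("body shorter than content-length");
            }
            ended = true;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a well-formed POST with a 5-byte body.
        Http2ContentLengthCheck ok = new Http2ContentLengthCheck();
        ok.onHeaders(Map.of(":method", "POST", ":path", "/submit", "content-length", "5"), false);
        ok.onData(5, true);
        System.out.println("well-formed stream accepted");

        // Constructed sample: same headers, but END_STREAM is set on the HEADERS frame.
        Http2ContentLengthCheck bad = new Http2ContentLengthCheck();
        try {
            bad.onHeaders(Map.of(":method", "POST", ":path", "/submit", "content-length", "5"), true);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same validator should run on the trailing HEADERS frame of a stream if the implementation accepts trailers, since a content-length in trailers is equally meaningless once the body has been delimited by framing.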
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type informat...
Xstream Project Xstream<1.4.16
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 28 more
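The two XStream entries above (before 1.4.17 and before 1.4.16) both stem from type information in the incoming stream selecting classes the application never intended to instantiate. The standard mitigation is to run XStream with a deny-all security framework and allow only the application's own types; the following is an added example for this page, not XStream's or any vendor's code. The `Order` class, the `com.example.orders` package wildcard and the two XML documents are constructed for the illustration.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlist {

    // The only application type this deserializer is expected to produce (constructed).
    public static class Order {
        public String id;
        public int quantity;
    }

    public static XStream hardened() {
        XStream xstream = new XStream();
        // Start from "deny every type", then add back exactly what the application needs.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(new Class[] { String.class, Order.class });
        // Assumed application package; widen only to packages you control.
        xstream.allowTypesByWildcard(new String[] { "com.example.orders.**" });
        xstream.alias("order", Order.class);
        return xstream;
    }

    public static void main(String[] args) {
        XStream xstream = hardened();

        // Constructed benign document: resolves to the allowed Order type.
        String benign = "<order><id>A-17</id><quantity>3</quantity></order>";
        Order o = (Order) xstream.fromXML(benign);
        System.out.println("parsed order " + o.id + " x" + o.quantity);

        // Constructed hostile document: the element name is type information naming a
        // JDK class outside the allowlist. With the permissions above XStream refuses
        // it before any instance is created, which is the property the fix relies on.
        String hostile = "<java.util.PriorityQueue/>";
        try {
            xstream.fromXML(hostile);
            System.out.println("UNEXPECTED: hostile type was accepted");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Upgrading to a fixed release is still required: the allowlist removes the attacker's choice of type, but it does not retroactively fix defects in the converters for types you do allow.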
When Netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporary storage of uploads on disk is enabled. The CVSSv3.1 ...
maven/io.netty:netty<4.0.0
maven/org.jboss.netty:netty<4.0.0
maven/io.netty:netty-codec-http>=4.0.0<4.1.59.Final
redhat/qpid-proton<0:0.33.0-6.el7_9
redhat/qpid-proton<0:0.33.0-8.el8
redhat/eap7-artemis-wildfly-integration<0:1.0.4-1.redhat_00001.1.el6ea
and 91 more
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method ca...
Apache Groovy>=2.0.0<=2.4.20
Apache Groovy>=2.5.0<=2.5.13
Apache Groovy>=3.0.0<=3.0.6
Apache Groovy=4.0.0-alpha1
Netapp Snapcenter
Oracle Agile Engineering Data Management=6.2.1.0
and 37 more
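Three entries on this page (Spring WebFlux's recreated temporary storage directory, Netty's multipart uploads spooled to the temp directory, and Groovy's temporary-directory helpers) share one root cause: temporary files and directories created with the legacy `java.io.File` API inherit the process umask and can be pre-created or read by other local users. The following added example, written for this page and not taken from any of those projects, shows the legacy pattern beside the `java.nio` replacement and a check to apply before reusing a spool directory. It assumes a POSIX file system; the `spool` directory name and file prefixes are constructed.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.nio.file.attribute.UserPrincipal;
import java.util.Set;

public class TempStorageHardening {

    // Legacy pattern: File.createTempFile and File.mkdir use the process umask, so with
    // the usual 022 umask another local user can read a spooled upload (0644) or list
    // and enter a spool directory (0755).
    public static File legacyTempFile() throws IOException {
        return File.createTempFile("upload-", ".part");
    }

    public static File legacyTempDir() {
        File dir = new File(System.getProperty("java.io.tmpdir"), "spool");
        dir.mkdir();   // returns false if it already exists, which callers rarely check
        return dir;
    }

    // Hardened: java.nio creates temporary entries owner-only by default on POSIX;
    // stating the permissions explicitly makes the intent reviewable. (Assumes POSIX;
    // on Windows the PosixFilePermissions attribute is not supported.)
    public static Path hardenedTempFile() throws IOException {
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");
        return Files.createTempFile("upload-", ".part",
                PosixFilePermissions.asFileAttribute(ownerOnly));
    }

    public static Path hardenedTempDir() throws IOException {
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rwx------");
        return Files.createTempDirectory("spool-",
                PosixFilePermissions.asFileAttribute(ownerOnly));
    }

    // A reusable spool directory must not be trusted just because it exists: another
    // local user may have created it first, or planted a symlink. Require a real
    // directory, owned by the current user, with no group or other permissions.
    public static boolean isPrivateDirectory(Path dir) throws IOException {
        if (!Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) {
            return false;
        }
        UserPrincipal me = dir.getFileSystem().getUserPrincipalLookupService()
                .lookupPrincipalByName(System.getProperty("user.name"));
        if (!Files.getOwner(dir, LinkOption.NOFOLLOW_LINKS).equals(me)) {
            return false;
        }
        Set<PosixFilePermission> perms =
                Files.getPosixFilePermissions(dir, LinkOption.NOFOLLOW_LINKS);
        return perms.stream().noneMatch(
                p -> p.name().startsWith("GROUP_") || p.name().startsWith("OTHERS_"));
    }

    public static void main(String[] args) throws IOException {
        Path dir = hardenedTempDir();
        System.out.println(dir + " private=" + isPrivateDirectory(dir));

        Path hardened = hardenedTempFile();
        System.out.println(hardened + " perms="
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(hardened)));

        File legacy = legacyTempFile();
        System.out.println(legacy + " perms="
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(legacy.toPath())));

        Files.delete(hardened);
        Files.delete(legacy.toPath());
        Files.delete(dir);
    }
}
```

Where a service must share a spool location across restarts, create it once with `hardenedTempDir()` and persist the path, then call `isPrivateDirectory` on startup and refuse to run if it fails, rather than recreating the directory in place.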
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server...
redhat/qpid-cpp<0:1.36.0-30.el6_10a
redhat/qpid-proton<0:0.31.0-3.el6_10
redhat/qpid-cpp<0:1.36.0-30.el7a
redhat/qpid-proton<0:0.31.0-3.el7
redhat/nodejs-rhea<0:1.0.21-1.el8
redhat/qpid-cpp<0:1.39.0-5.el8a
and 72 more
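The three Netty decoder entries on this page (Snappy chunk length, Bzip2 output size, and the ZlibDecoders before 4.1.46) are all the same failure: the decoder allocates output in proportion to what the compressed stream claims, with no cap. The example below is added for this page and is not Netty's code; it uses the JDK's `Inflater` to show a decoder that enforces a caller-supplied output budget with a fixed working buffer, and a constructed highly compressible payload to show that the wire size of the input is not what matters.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;

public class BoundedInflate {

    /** Inflates a zlib stream, failing as soon as the output would exceed maxOutput bytes. */
    public static byte[] inflateBounded(byte[] compressed, int maxOutput)
            throws DataFormatException, IOException {
        Inflater inflater = new Inflater();
        inflater.setInput(compressed);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        // Fixed-size working buffer: never sized from a length field in the input.
        byte[] chunk = new byte[8192];
        try {
            while (!inflater.finished()) {
                int n = inflater.inflate(chunk);
                if (n == 0 && !inflater.finished()) {
                    // Either the stream is truncated, needs a preset dictionary, or has
                    // stalled; in all cases there is nothing safe to do but abort.
                    throw new IOException("truncated, stalled, or dictionary-dependent stream");
                }
                // Check the budget before copying, so a bomb is rejected at the first
                // chunk that crosses the line rather than after a large allocation.
                if (out.size() + n > maxOutput) {
                    throw new IOException("decompressed size exceeds limit of "
                            + maxOutput + " bytes");
                }
                out.write(chunk, 0, n);
            }
        } finally {
            inflater.end();
        }
        return out.toByteArray();
    }

    /** Builds a constructed "bomb": many zero bytes, which deflate to a few kilobytes. */
    public static byte[] bomb(int plainBytes) {
        byte[] zeros = new byte[plainBytes];
        Deflater deflater = new Deflater(Deflater.BEST_COMPRESSION);
        deflater.setInput(zeros);
        deflater.finish();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[8192];
        while (!deflater.finished()) {
            int n = deflater.deflate(buf);
            out.write(buf, 0, n);
        }
        deflater.end();
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] payload = bomb(64 * 1024 * 1024);   // 64 MiB of plaintext on the wire as a few KiB
        System.out.println("wire size: " + payload.length + " bytes");
        try {
            inflateBounded(payload, 1024 * 1024);  // 1 MiB output budget for this endpoint
            System.out.println("UNEXPECTED: bomb was fully inflated");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        byte[] small = inflateBounded(bomb(4096), 1024 * 1024);
        System.out.println("small stream inflated to " + small.length + " bytes");
    }
}
```

The budget belongs to the endpoint, not the library default: set it from the largest message the handler can legitimately process, and apply the same rule to any other decoder (Snappy, Bzip2, Brotli) placed in a network-facing pipeline.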
Spring Framework versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) e...
maven/org.springframework:spring-webflux>=5.2.0<5.2.3
maven/org.springframework:spring-webmvc>=5.2.0<5.2.3
VMware Spring Framework>=5.2.0<5.2.3
Oracle Application Testing Suite=13.3.0.1
Oracle Communications Brm - Elastic Charging Engine=11.3
Oracle Communications Brm - Elastic Charging Engine=12.0
and 48 more
Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range requests by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a ...
IBM GDE<=3.0.0.2
redhat/springframework<5.0.10
redhat/springframework<4.3.20
VMware Spring Framework>=4.2.0<4.3.20
VMware Spring Framework>=5.0.0<5.0.10
VMware Spring Framework=5.1.0
and 111 more
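The range-request entry above is a resource-amplification problem: every range in a single `Range` header costs the server a buffer and a multipart part, so an unbounded list lets one request drive memory and CPU. Below is an added example for this page, not Spring's handler, showing a `Range` header parser that rejects over-long lists before materialising anything and validates each range against the resource length. The cap of 100 and the sample headers are assumptions constructed for the illustration.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class RangeHeaderLimiter {

    // Assumed cap; set it from what the service can actually serve per request.
    public static final int MAX_RANGES = 100;

    public record ByteRange(long start, long end) { }

    /** Parses "bytes=a-b,c-d,..." against a resource of resourceLength bytes. */
    public static List<ByteRange> parse(String header, long resourceLength) {
        if (header == null || !header.startsWith("bytes=")) {
            throw new IllegalArgumentException("unsupported or missing range unit");
        }
        String[] specs = header.substring("bytes=".length()).split(",");
        // Reject on the count alone, before allocating a ByteRange per entry: the
        // expensive part of serving ranges is the per-range buffers and boundaries.
        if (specs.length > MAX_RANGES) {
            throw new IllegalArgumentException("too many ranges: " + specs.length);
        }
        List<ByteRange> ranges = new ArrayList<>(specs.length);
        for (String raw : specs) {
            String spec = raw.trim();
            int dash = spec.indexOf('-');
            if (dash < 0) {
                throw new IllegalArgumentException("bad range spec: " + spec);
            }
            String a = spec.substring(0, dash);
            String b = spec.substring(dash + 1);
            long start;
            long end;
            if (a.isEmpty()) {
                // Suffix range: the last N bytes of the resource.
                long n = Long.parseLong(b);
                if (n <= 0) {
                    throw new IllegalArgumentException("bad suffix length: " + spec);
                }
                start = Math.max(0, resourceLength - n);
                end = resourceLength - 1;
            } else {
                start = Long.parseLong(a);
                // An open or over-long end clamps to the last byte, per the HTTP spec.
                end = b.isEmpty() ? resourceLength - 1
                                  : Math.min(Long.parseLong(b), resourceLength - 1);
            }
            if (start < 0 || start > end || start >= resourceLength) {
                throw new IllegalArgumentException("unsatisfiable range: " + spec);
            }
            ranges.add(new ByteRange(start, end));
        }
        return ranges;
    }

    public static void main(String[] args) {
        long length = 10_000;   // constructed resource size

        // Constructed legitimate header: two ranges plus a suffix.
        System.out.println(parse("bytes=0-499, 1000-1999, -500", length));

        // Constructed abusive header: 1000 tiny overlapping ranges on one request.
        String abusive = "bytes=" + String.join(",", Collections.nCopies(1000, "0-1"));
        try {
            parse(abusive, length);
            System.out.println("UNEXPECTED: abusive header accepted");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`Long.parseLong` failures surface as `NumberFormatException`, a subclass of `IllegalArgumentException`, so a single catch at the handler turns every malformed header into a 416 or 400 response without further special-casing.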

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203