Latest oracle communications messaging server Vulnerabilities

CVE-2022-23307
A deserialization flaw was found in Apache log4j 1.2.x. While reading serialized log events, they are improperly deserialized. Note this is the same as <a href="https://access.redhat.com/security/cve...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 193 more
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 196 more
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service...
redhat/log4j<0:1.2.14-6.6.el6_10
redhat/log4j<0:1.2.17-18.el7_4
redhat/log4j<0:1.2.17-17.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 194 more
CVE-2021-45105
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8
debian/apache-log4j2
debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1
and 217 more
CVE-2021-4104
Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
redhat/log4j<0:1.2.14-6.5.el6_10
redhat/log4j<0:1.2.17-17.el7_4
redhat/log4j<0:1.2.17-16.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 219 more
CVE-2021-40690
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from ...
maven/org.apache.santuario:xmlsec<2.1.7
maven/org.apache.santuario:xmlsec>=2.2.0<2.2.3
Apache Santuario XML Security for Java<2.1.7
Apache Santuario XML Security for Java>=2.2.0<2.2.3
Apache CXF=3.4.4
Apache TomEE<8.0.8
and 70 more
CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, ...
redhat/eap7-apache-cxf<0:3.3.12-1.redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.5.3-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-3.redhat_00007.1.el6ea
redhat/eap7-jboss-ejb-client<0:4.0.43-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-server-migration<0:1.7.2-10.Final_redhat_00011.1.el6ea
redhat/eap7-jsoup<0:1.14.2-1.redhat_00002.1.el6ea
and 55 more
CVE-2021-36090
A flaw was found in apache-commons-compress. When reading a specially crafted ZIP archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This fla...
redhat/apache-commons-compress<0:1.21-1.2.el8e
IBM Cloud Pak System<=V2.3.0 - V2.3.3.3 Interim Fix 1
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.0<1.21
Oracle Banking Apis>=18.1<=18.3
Oracle Banking Apis=19.1
and 69 more
CVE-2021-35515
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This flaw allo...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.6<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 43 more
CVE-2021-35517
A flaw was found in apache-commons-compress. When reading a specially crafted TAR archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This fla...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.1<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 50 more
CVE-2021-35516
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for very small inputs. This...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.6<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 43 more
CVE-2021-30468
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CP...
Apache CXF<3.3.11
Apache CXF>=3.4.0<3.4.4
Apache TomEE=8.0.6
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=5.9.0.0.0
Oracle Business Intelligence=12.2.1.3.0
and 12 more
CVE-2021-31811
Apache PDFBox is vulnerable to a denial of service, caused by an out-of-memory exception while loading a file. By persuading a victim to open a specially-crafted PDF file, a remote attacker could expl...
Apache PDFBox>=2.0.0<=2.0.23
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Oracle Banking Corporate Lending Process Management=14.2.0
Oracle Banking Corporate Lending Process Management=14.3.0
Oracle Banking Corporate Lending Process Management=14.5.0
and 17 more
CVE-2021-31812
Apache PDFBox is vulnerable to a denial of service, caused by an error while loading a file. By persuading a victim to open a specially-crafted PDF file, a remote attacker could exploit this vulnerabi...
Apache PDFBox>=2.0.0<=2.0.23
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Oracle Banking Corporate Lending Process Management=14.2.0
Oracle Banking Corporate Lending Process Management=14.3.0
Oracle Banking Corporate Lending Process Management=14.5.0
and 8 more
CVE-2021-33813
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
Jdom Jdom<=2.0.6
Apache Solr=8.8.1
Apache Solr=8.9
Apache Tika=1.25
Debian Debian Linux=9.0
Fedoraproject Fedora=35
and 4 more
CVE-2021-28657
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Apache Tika<=1.25
Oracle Healthcare Foundation=7.3.0
Oracle Healthcare Foundation=8.0.0
Oracle Healthcare Foundation=8.1.0
Oracle Primavera Unifier>=17.7<=17.12
Oracle Primavera Unifier=18.8
and 5 more
CVE-2021-21409
### Impact The content-length header is not correctly validated if the request only use a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request...
maven/io.netty:netty<4.0.0
maven/org.jboss.netty:netty<4.0.0
maven/io.netty:netty-codec-http2>=4.0.0<4.1.61.Final
redhat/qpid-proton<0:0.33.0-6.el7_9
redhat/qpid-proton<0:0.33.0-8.el8
redhat/eap7-elytron-web<0:1.6.3-1.Final_redhat_00001.1.el6ea
and 75 more
CVE-2021-27807
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
redhat/pdfbox<2.0.23
Apache PDFBox>=2.0.0<=2.0.22
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Oracle Banking Trade Finance Process Management=14.2.0
and 26 more
CVE-2021-27906
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
redhat/pdfbox<2.0.23
Apache PDFBox>=2.0.0<=2.0.22
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Oracle Banking Corporate Lending Process Management=14.2.0
and 37 more
CVE-2021-21290
### Impact When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. The CVSSv3.1 ...
maven/io.netty:netty<4.0.0
maven/org.jboss.netty:netty<4.0.0
maven/io.netty:netty-codec-http>=4.0.0<4.1.59.Final
redhat/qpid-proton<0:0.33.0-6.el7_9
redhat/qpid-proton<0:0.33.0-8.el8
redhat/eap7-artemis-wildfly-integration<0:1.0.4-1.redhat_00001.1.el6ea
and 91 more
CVE-2020-36189
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
and 65 more
CVE-2020-28052
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect pass...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api=1.65
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api=1.66
Apache Karaf=4.3.2
Oracle Banking Corporate Lending Process Management=14.2.0
Oracle Banking Corporate Lending Process Management=14.3.0
Oracle Banking Corporate Lending Process Management=14.5.0
and 81 more
CVE-2020-13954
Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using the styleS...
Apache CXF<3.3.8
Apache CXF>=3.4.0<3.4.1
NetApp Snap Creator Framework
Netapp Vasa Provider For Clustered Data Ontap>=9.6
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=5.9.0.0.0
and 14 more
CVE-2020-24750
FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.Jn...
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.6
Oracle Agile PLM=9.3.6
Oracle Application Testing Suite=13.3.0.1
Oracle Autovue For Agile Product Lifecycle Management=21.0.2
Oracle Banking Corporate Lending Process Management=14.2.0
and 36 more
CVE-2020-24616
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.5
IBM ISAM<=9.0.7
IBM Security Verify Access<=10.0.0
FasterXML jackson-databind>=2.0.0<2.9.10.6
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
and 30 more
CVE-2020-15358
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
IBM Security Verify Access<=10.0.0
Apple iCloud for Windows<7.21
Apple macOS Big Sur<11.0.1
Google Android
Apple macOS Big Sur<11.2
Apple Catalina
and 27 more
CVE-2020-13871
SQLite is vulnerable to a denial of service, caused by a use-after-free in resetAccumulator in select.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to c...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.32.2
Fedoraproject Fedora=33
Debian Debian Linux=9.0
Oracle Communications Messaging Server=8.1
Oracle Communications Network Charging And Control=6.0.1
and 9 more
CVE-2020-9489
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Pa...
Apache Tika=1.24
Oracle FLEXCUBE Private Banking=12.0.0
Oracle FLEXCUBE Private Banking=12.1.0
Oracle Primavera Unifier>=17.7<=17.12
Oracle Primavera Unifier=16.1
Oracle Primavera Unifier=16.2
and 5 more
CVE-2020-11656
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
SQLite SQLite<=3.31.1
NetApp ONTAP Select Deploy administration utility
Oracle Communications Network Charging And Control>=12.0.0<=12.0.3
Oracle Communications Network Charging And Control=6.0.1
Oracle Communications Network Charging And Control=12.0.2
Oracle Enterprise Manager Ops Center=12.4.0.0
and 9 more
CVE-2020-11655
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
SQLite SQLite<=3.31.1
NetApp ONTAP Select Deploy administration utility
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 26 more
CVE-2020-1951
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
ubuntu/tika<1.5-4ubuntu0.1
>=1.0<=1.23
=12.2.1.3.0
=12.2.1.4.0
=8.0.2
=8.1
and 14 more
CVE-2020-1950
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
>=1.0<=1.23
=12.2.1.3.0
=12.2.1.4.0
=8.0.2
=8.1
=12.0.0
and 15 more
CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
SQLite SQLite=3.31.1
Netapp Cloud Backup
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
Siemens Sinec Infrastructure Network Services<1.0.1.1
and 15 more
CVE-2020-11612
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server...
redhat/qpid-cpp<0:1.36.0-30.el6_10a
redhat/qpid-proton<0:0.31.0-3.el6_10
redhat/qpid-cpp<0:1.36.0-30.el7a
redhat/qpid-proton<0:0.31.0-3.el7
redhat/nodejs-rhea<0:1.0.21-1.el8
redhat/qpid-cpp<0:1.39.0-5.el8a
and 72 more
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind which did not have entity expansion secured properly making it vulnerable to XML external entity (XXE). This vulnerability is similar to <a href="https:...
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00002.1.el6ea
redhat/eap7-activemq-artemis<0:2.9.0-6.redhat_00016.1.el6ea
redhat/eap7-fge-btf<0:1.2.0-1.redhat_00007.1.el6ea
redhat/eap7-fge-msg-simple<0:1.1.0-1.redhat_00007.1.el6ea
redhat/eap7-hal-console<0:3.2.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.21-1.Final_redhat_00001.1.el6ea
and 147 more
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more
CVE-2019-0228
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
Apache PDFBox=2.0.14
Apache James=3.3.0
Apache James=3.4.0
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Oracle Banking Corporate Lending Process Management=14.2
and 26 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203