Latest oracle communications services gatekeeper Vulnerabilities

CVE-2021-45105
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8
debian/apache-log4j2
debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1
and 217 more
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unau...
Oracle Advanced Networking Option=12.1.0.2
Oracle Advanced Networking Option=12.2.0.1
Oracle Advanced Networking Option=19c
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile PLM=9.3.6
Oracle Agile Product Lifecycle Management for Process=6.2.2.0
and 242 more
CVE-2021-34428
Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() me...
redhat/jenkins<0:2.289.3.1630554997-1.el8
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.4.41
redhat/jetty<10.0.3
redhat/jetty<11.0.3
and 19 more
CVE-2021-28163
Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sen...
redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9
redhat/jenkins<0:2.277.3.1620393611-1.el8
redhat/runc<0:1.0.0-95.rhaos4.8.gitcd80260.el8
redhat/jetty<9.4.39
redhat/jetty<10.0.2
redhat/jetty<11.0.2
and 33 more
CVE-2021-28165
### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU re...
maven/org.eclipse.jetty:jetty-server>=11.0.0<11.0.2
maven/org.eclipse.jetty:jetty-server>=10.0.0<10.0.2
maven/org.eclipse.jetty:jetty-server>=7.2.2<9.4.39
redhat/rh-eclipse-jetty<0:9.4.40-1.1.el7_9
redhat/jenkins<0:2.277.3.1620393611-1.el8
redhat/runc<0:1.0.0-95.rhaos4.8.gitcd80260.el8
and 29 more
CVE-2021-23337
`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
redhat/cockpit-ovirt<0:0.15.1-2.el8e
redhat/ovirt-engine-ui-extensions<0:1.2.6-1.el8e
redhat/ovirt-web-ui<0:1.6.9-1.el8e
redhat/nodejs-lodash<4.17.21
npm/lodash-template<=1.0.0
npm/lodash.template<=4.5.0
and 50 more
CVE-2020-28500
A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.
redhat/cockpit-ovirt<0:0.15.1-2.el8e
redhat/ovirt-engine-ui-extensions<0:1.2.6-1.el8e
redhat/ovirt-web-ui<0:1.6.9-1.el8e
npm/lodash.trim<=4.5.1
npm/lodash.trimend<=4.5.1
npm/lodash-es<4.17.21
and 44 more
CVE-2020-36181
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 71 more
CVE-2020-36179
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
and 65 more
CVE-2020-36183
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.00<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0.<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
and 72 more
CVE-2020-36182
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
and 72 more
CVE-2020-36180
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
and 72 more
CVE-2020-36185
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-35728
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka em...
IBM Disconnected Log Collector<=v1.0 - v1.8.2
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.7
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.9.0<2.9.10.8
Debian Debian Linux=9.0
NetApp Service Level Manager
and 62 more
CVE-2020-36188
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
and 73 more
CVE-2020-36189
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
and 65 more
CVE-2020-36186
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-36187
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-36184
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 71 more
CVE-2020-35490
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
IBM Security Verify Governance<=10.0
redhat/jackson-databind<2.9.10.8
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.7
FasterXML jackson-databind>=2.0.0<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
and 35 more
CVE-2020-35491
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
IBM Security Verify Governance<=10.0
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 35 more
CVE-2020-27218
### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received en...
redhat/jenkins<0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
redhat/jetty<9.4.35.
redhat/jetty<10.0.0.
redhat/jetty<11.0.0.
and 31 more
CVE-2020-17521
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method ca...
Apache Groovy>=2.0.0<=2.4.20
Apache Groovy>=2.5.0<=2.5.13
Apache Groovy>=3.0.0<=3.0.6
Apache Groovy=4.0.0-alpha1
Netapp Snapcenter
Oracle Agile Engineering Data Management=6.2.1.0
and 37 more
CVE-2020-27216
### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the sh...
redhat/rh-eclipse<1:4.17-6.el7_9
redhat/rh-eclipse-ant<0:1.10.9-1.2.el7
redhat/rh-eclipse-antlr32<0:3.2-28.1.el7
redhat/rh-eclipse-apache-sshd<1:2.4.0-5.1.el7
redhat/rh-eclipse-apiguardian<0:1.1.0-6.1.el7
redhat/rh-eclipse-args4j<0:2.33-12.2.el7
and 108 more
CVE-2020-24750
FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.Jn...
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.6
Oracle Agile PLM=9.3.6
Oracle Application Testing Suite=13.3.0.1
Oracle Autovue For Agile Product Lifecycle Management=21.0.2
Oracle Banking Corporate Lending Process Management=14.2.0
and 36 more
CVE-2020-24616
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.5
IBM ISAM<=9.0.7
IBM Security Verify Access<=10.0.0
FasterXML jackson-databind>=2.0.0<2.9.10.6
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
and 30 more
CVE-2020-11023
### Impact Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may e...
maven/org.webjars.npm:jquery>=1.0.3<3.5.0
nuget/jQuery>=1.0.3<3.5.0
rubygems/jquery-rails<4.4.0
npm/jquery>=1.0.3<3.5.0
debian/jquery
debian/node-jquery<=2.2.4+dfsg-4
and 105 more
CVE-2020-9488
Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a ma...
debian/apache-log4j2
redhat/qpid-cpp<0:1.36.0-31.el6_10a
redhat/qpid-proton<0:0.32.0-1.el6_10
redhat/qpid-cpp<0:1.36.0-31.el7a
redhat/qpid-proton<0:0.32.0-2.el7
redhat/nodejs-rhea<0:1.0.24-1.el8
and 110 more
CVE-2020-11022
### Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patch...
rubygems/jquery-rails<4.4.0
maven/org.webjars.npm:jquery>=1.2.0<3.5.0
nuget/jquery>=1.2.0<3.5.0
npm/jquery>=1.2.0<3.5.0
redhat/qpid-dispatch<0:1.13.0-3.el6_10
redhat/qpid-dispatch<0:1.13.0-3.el7
and 164 more
CVE-2020-7226
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length ...
redhat/eap7-activemq-artemis<0:2.9.0-4.redhat_00010.1.el6ea
redhat/eap7-apache-cxf<0:3.2.12-1.redhat_00001.1.el6ea
redhat/eap7-bouncycastle<0:1.60.0-2.redhat_00002.1.el6ea
redhat/eap7-codehaus-jackson<0:1.9.13-10.redhat_00007.1.el6ea
redhat/eap7-cryptacular<0:1.2.4-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-el<0:3.0.1-5.b08_redhat_00004.1.el6ea
and 269 more
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind which did not have entity expansion secured properly making it vulnerable to XML external entity (XXE). This vulnerability is similar to <a href="https:...
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00002.1.el6ea
redhat/eap7-activemq-artemis<0:2.9.0-6.redhat_00016.1.el6ea
redhat/eap7-fge-btf<0:1.2.0-1.redhat_00007.1.el6ea
redhat/eap7-fge-msg-simple<0:1.1.0-1.redhat_00007.1.el6ea
redhat/eap7-hal-console<0:3.2.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.21-1.Final_redhat_00001.1.el6ea
and 147 more
CVE-2019-2904
Oracle ADF Faces Deserialization of Untrusted Data Remote Code Execution Vulnerability
Oracle ADF Faces
Oracle Application Testing Suite=12.5.0.3
Oracle Application Testing Suite=13.1.0.1
Oracle Application Testing Suite=13.2.0.1
Oracle Application Testing Suite=13.3.0.1
Oracle Banking Enterprise Collections=2.7.0
and 43 more
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more
CVE-2019-10246
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a listing of directory contents. By sending a specially-crafted request, a rem...
Eclipse Jetty=9.2.27-20190403
Eclipse Jetty=9.3.26-20190403
Eclipse Jetty=9.4.16-20190411
Microsoft Windows
NetApp OnCommand System Manager>=3.0<=3.1.3
NetApp Snap Creator Framework
and 49 more
CVE-2019-10247
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulner...
IBM Cognos Command Center<=10.2.4.1
debian/jetty9
redhat/jetty<9.2.28
redhat/jetty<9.3.27
redhat/jetty<9.4.16
Eclipse Jetty=7.0.0-20091005
and 334 more
CVE-2019-11358
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted J...
redhat/ansible-tower<0:3.5.2-1.el7a
redhat/cfme<0:5.10.9.1-1.el7cf
redhat/cfme-amazon-smartstate<0:5.10.9.1-1.el7cf
redhat/cfme-appliance<0:5.10.9.1-1.el7cf
redhat/cfme-gemset<0:5.10.9.1-1.el7cf
redhat/ovirt-ansible-hosted-engine-setup<0:1.0.23-1.el7e
and 267 more
CVE-2018-11040
Pivotal Spring Framework could allow a remote attacker to bypass security restrictions, caused by a flaw in AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView. By sending...
IBM GDE<=3.0.0.2
maven/org.springframework:spring-core>=4.3.0<4.3.18
maven/org.springframework:spring-core>=5.0.0<5.0.7
VMware Spring Framework<4.3.18
VMware Spring Framework>=5.0.0<5.0.7
Oracle Agile Product Lifecycle Management=9.3.3
and 48 more
CVE-2018-11039
Pivotal Spring Framework is vulnerable to cross-site tracing, caused by a flaw in the HiddenHttpMethodFilter in Spring MVC. By persuading a victim to visit a specially-crafted Web site, an attacker co...
IBM GDE<=3.0.0.2
maven/org.springframework:spring-web>=4.3.0<4.3.18
maven/org.springframework:spring-web>=5.0.0<5.0.7
VMware Spring Framework<4.3.18
VMware Spring Framework>=5.0.0<5.0.7
Oracle Agile PLM=9.3.3
and 61 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203