Latest oracle customer management and segmentation foundation Vulnerabilities

CVE-2021-41973
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer an...
Apache MINA<2.0.22
Apache MINA>=2.1.0<2.1.5
Oracle Banking Payments=14.5
Oracle Banking Trade Finance Process Management=14.5
Oracle Banking Treasury Management=14.5
Oracle Communications Cloud Native Core Console=1.9.0
and 8 more
CVE-2019-20330
A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector.
redhat/candlepin<0:2.6.16-1.el7
redhat/foreman<0:1.22.0.39-2.el7
redhat/satellite<0:6.6.3-1.el7
redhat/tfm-rubygem-fog-ovirt<0:1.2.3-1.el7
redhat/tfm-rubygem-katello<0:3.12.0.41-1.el7
redhat/tfm-rubygem-runcible<0:2.13.0-1.el7
and 79 more
CVE-2019-17267
A flaw was found in jackson-databind before 2.9.10. New serialization gadgets were found regarding a class of the ehcache package which may help in exploiting deserialization issues. Upstream issue: ...
maven/com.fasterxml.jackson.core:jackson-databind<2.8.11.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.9.0<2.9.10
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
and 93 more
CVE-2019-16335
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability tha...
maven/com.fasterxml.jackson.core:jackson-databind<2.6.7.3
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.8.11.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.9.0<2.9.10
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
and 117 more
CVE-2019-14540
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to `com.zaxxer.hikari.HikariConfig`.
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 132 more
CVE-2019-12402
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service at...
maven/io.github.1tchy.java9modular.org.apache.commons:commons-compress=1.18.1
maven/org.apache.commons:commons-compress>=1.15<1.19
redhat/apache-commons-compress<1.19
Apache Commons Compress>=1.15<=1.18
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 35 more
CVE-2019-10086
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Jav...
redhat/apache-commons-beanutils<0:1.8.3-15.el7_7
redhat/eap7-activemq-artemis<0:2.9.0-2.redhat_00009.1.el6ea
redhat/eap7-apache-commons-beanutils<0:1.9.4-1.redhat_00002.1.el6ea
redhat/eap7-glassfish-el<0:3.0.1-4.b08_redhat_00003.1.el6ea
redhat/eap7-glassfish-jaxb<0:2.3.3-4.b02_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-7.SP3_redhat_00005.1.el6ea
and 486 more
CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
redhat/rhvm-dependencies<0:4.4.0-1.el8e
IBM Data Risk Manager<=2.0.6
maven/org.quartz-scheduler:quartz<2.3.2
redhat/quartz<2.3.2
Softwareag Quartz<2.3.2
Oracle Apache Batik Mapviewer=12.2.0.1
and 178 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203