VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Oracle
>
Banking Extensibility Workbench
> 14.3.0
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2021-02-15
CVE-2021-23337
Code Injection vulnerability in multiple products
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
network
low complexity
lodash
oracle
netapp
siemens
CWE-94
7.2
7.2
2021-02-15
CVE-2020-28500
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
network
low complexity
lodash
oracle
siemens
5.3
5.3
2020-12-18
CVE-2020-28052
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66.
network
high complexity
bouncycastle
apache
oracle
8.1
8.1
2020-07-24
CVE-2020-8174
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
network
high complexity
nodejs
oracle
netapp
CWE-191
8.1
8.1
2020-07-15
CVE-2020-8203
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
network
high complexity
lodash
oracle
7.4
7.4
2020-06-08
CVE-2020-8172
Improper Certificate Validation vulnerability in multiple products
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
network
high complexity
nodejs
oracle
CWE-295
7.4
7.4
2020-06-03
CVE-2020-11080
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service.
network
low complexity
nghttp2
debian
opensuse
fedoraproject
oracle
nodejs
7.5
7.5
2020-03-12
CVE-2020-10531
Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1.
network
low complexity
icu-project
redhat
google
fedoraproject
debian
canonical
opensuse
oracle
nodejs
CWE-190
8.8
8.8
2019-07-26
CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution.
network
low complexity
lodash
netapp
redhat
oracle
f5
critical
9.1
9.1