VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Oracle
>
Banking Supply Chain Finance
> 14.2.0
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2021-06-12
CVE-2021-31811
Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.
local
low complexity
apache
fedoraproject
oracle
CWE-770
5.5
5.5
2021-06-12
CVE-2021-31812
Infinite Loop vulnerability in multiple products
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file.
local
low complexity
apache
fedoraproject
oracle
CWE-835
5.5
5.5
2021-05-28
CVE-2021-29505
Deserialization of Untrusted Data vulnerability in multiple products
XStream is software for serializing Java objects to XML and back again.
network
low complexity
xstream-project
debian
fedoraproject
netapp
oracle
CWE-502
8.8
8.8
2021-03-19
CVE-2021-27906
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.
local
low complexity
apache
fedoraproject
oracle
5.5
5.5
2021-02-15
CVE-2021-23337
Code Injection vulnerability in multiple products
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
network
low complexity
lodash
oracle
netapp
siemens
CWE-94
6.5
6.5
2021-02-15
CVE-2020-28500
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
network
low complexity
lodash
oracle
siemens
5.0
5.0
2020-12-18
CVE-2020-28052
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66.
network
high complexity
bouncycastle
apache
oracle
8.1
8.1
2020-09-17
CVE-2020-24750
Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
network
high complexity
fasterxml
oracle
debian
CWE-502
8.1
8.1
2020-07-31
CVE-2020-5413
Deserialization of Untrusted Data vulnerability in multiple products
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization.
network
low complexity
vmware
oracle
CWE-502
7.5
7.5
2020-07-15
CVE-2020-8203
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
network
high complexity
lodash
oracle
7.4
7.4
«
1
(current)
2
»
Next