Vulnerabilities > Oracle > Blockchain Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-13 CVE-2021-29425 Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
network
high complexity
apache debian oracle netapp CWE-22
4.8
2020-11-28 CVE-2020-27218 In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body.
network
high complexity
eclipse netapp oracle apache debian
4.8
2020-07-14 CVE-2020-15719 Improper Certificate Validation vulnerability in multiple products
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support.
network
high complexity
openldap redhat opensuse mcafee oracle CWE-295
4.2
2020-04-29 CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. 6.1
2019-07-26 CVE-2019-13057 An issue was discovered in the server in OpenLDAP before 2.4.48. 4.9
2017-09-05 CVE-2017-14159 Improper Initialization vulnerability in multiple products
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
local
high complexity
openldap oracle CWE-665
4.7
2017-05-29 CVE-2017-9287 Double Free vulnerability in multiple products
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability.
network
low complexity
openldap debian redhat mcafee oracle CWE-415
6.5