Vulnerabilities > Oracle > Communications Diameter Intelligence HUB

DATE CVE VULNERABILITY TITLE RISK
2022-02-01 CVE-2021-43859 Resource Exhaustion vulnerability in multiple products
XStream is an open source java library to serialize objects to XML and back again.
7.5
2021-09-19 CVE-2021-40690 Information Exposure vulnerability in multiple products
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element.
network
low complexity
apache debian oracle CWE-200
7.5
2021-07-21 CVE-2021-2351 Session Fixation vulnerability in Oracle products
Vulnerability in the Advanced Networking Option component of Oracle Database Server.
network
high complexity
oracle CWE-384
8.3
2021-07-14 CVE-2021-36374 When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
2021-07-13 CVE-2021-35515 Infinite Loop vulnerability in multiple products
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop.
network
low complexity
apache netapp oracle CWE-835
7.5
2021-07-13 CVE-2021-35516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache netapp oracle CWE-770
7.5
2021-07-13 CVE-2021-35517 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache netapp oracle CWE-770
7.5
2021-07-13 CVE-2021-36090 When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache oracle netapp
7.5
2021-05-27 CVE-2021-22118 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
local
low complexity
vmware oracle netapp CWE-668
7.8
2021-04-13 CVE-2021-29425 Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
network
high complexity
apache debian oracle netapp CWE-22
4.8