Vulnerabilities > Oracle > Communications IP Service Activator > 7.3.0

DATE CVE VULNERABILITY TITLE RISK
2019-08-30 CVE-2019-12402 Infinite Loop vulnerability in multiple products
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs.
network
low complexity
apache fedoraproject oracle CWE-835
7.5
2019-07-26 CVE-2019-13990 XXE vulnerability in multiple products
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
network
low complexity
softwareag oracle apache netapp atlassian CWE-611
critical
9.8
2019-04-22 CVE-2019-5427 XML Entity Expansion vulnerability in multiple products
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
network
low complexity
mchange fedoraproject oracle CWE-776
7.5
2018-11-16 CVE-2018-15769 RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue.
network
low complexity
dell oracle
7.5
2018-09-14 CVE-2018-11058 Out-of-bounds Read vulnerability in multiple products
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data.
network
low complexity
dell oracle CWE-125
critical
9.8
2018-08-31 CVE-2018-11057 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption.
network
high complexity
dell oracle CWE-327
5.9
2018-08-31 CVE-2018-11056 Resource Exhaustion vulnerability in multiple products
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data.
network
low complexity
dell oracle CWE-400
6.5
2018-08-31 CVE-2018-11055 Improper Resource Shutdown or Release vulnerability in multiple products
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability.
local
low complexity
dell oracle CWE-404
5.5
2018-04-26 CVE-2018-10237 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
network
high complexity
google redhat oracle CWE-770
5.9