Oracle

Banking Platform

72 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-21346

Exploit
  • EPSS 3.97%
  • Published 23.03.2021 00:15:12
  • Last modified 23.05.2025 17:41:29

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

9

CVE-2020-13936

  • EPSS 10.63%
  • Published 10.03.2021 08:15:14
  • Last modified 21.11.2024 05:02:11

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to u...

8.1

CVE-2020-36189

Exploit
  • EPSS 3.37%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:58

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.

8.1

CVE-2020-35491

Exploit
  • EPSS 8.06%
  • Published 17.12.2020 19:15:14
  • Last modified 21.11.2024 05:27:24

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

8.1

CVE-2020-35490

Exploit
  • EPSS 5.58%
  • Published 17.12.2020 19:15:14
  • Last modified 21.11.2024 05:27:24

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

7.5

CVE-2020-25649

  • EPSS 0.01%
  • Published 03.12.2020 17:15:12
  • Last modified 21.11.2024 05:18:20

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

9.3

CVE-2020-26217

Exploit
  • EPSS 93.01%
  • Published 16.11.2020 21:15:12
  • Last modified 23.05.2025 16:54:19

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone...

6.1

CVE-2020-27193

  • EPSS 0.91%
  • Published 12.11.2020 21:15:11
  • Last modified 21.11.2024 05:20:50

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.

7.5

CVE-2020-11979

  • EPSS 0.61%
  • Published 01.10.2020 20:15:13
  • Last modified 21.11.2024 04:59:02

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without ...

6.3

CVE-2020-1945

  • EPSS 0.02%
  • Published 14.05.2020 16:15:12
  • Last modified 21.11.2024 05:11:42

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr...