CVE-2020-7059
- EPSS 2.16%
- Published 10.02.2020 08:15:12
- Last modified 21.11.2024 05:36:35
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead t...
CVE-2020-5397
- EPSS 0.89%
- Published 17.01.2020 19:15:14
- Last modified 21.11.2024 05:34:03
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vul...
CVE-2020-5398
- EPSS 90.57%
- Published 17.01.2020 00:15:12
- Last modified 21.11.2024 05:34:04
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response...
CVE-2019-12423
- EPSS 1.32%
- Published 16.01.2020 18:15:11
- Last modified 21.11.2024 04:22:48
Apache CXF ships with an OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from...
CVE-2020-2555
- EPSS 93.16%
- Published 15.01.2020 17:15:17
- Last modified 14.02.2025 16:47:18
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows una...
CVE-2019-2904
- EPSS 21.04%
- Published 16.10.2019 18:15:27
- Last modified 21.11.2024 04:41:46
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacke...
CVE-2019-17359
- EPSS 7.63%
- Published 08.10.2019 14:15:10
- Last modified 12.05.2025 17:37:16
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
CVE-2019-17091
- EPSS 8.42%
- Published 02.10.2019 14:15:12
- Last modified 21.11.2024 04:31:40
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
CVE-2019-14439
- EPSS 9.41%
- Published 30.07.2019 11:15:11
- Last modified 21.11.2024 04:26:44
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logbac...
CVE-2019-14379
- EPSS 1.46%
- Published 29.07.2019 12:15:16
- Last modified 21.11.2024 04:26:37
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.