Oracle

Communications Messaging Server

23 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.54%
  • Published 19.03.2021 16:15:13
  • Last modified 21.11.2024 05:58:36

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

  • EPSS 0.54%
  • Published 19.03.2021 16:15:13
  • Last modified 21.11.2024 05:58:45

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Exploit
  • EPSS 3.78%
  • Published 18.12.2020 01:15:12
  • Last modified 12.05.2025 17:37:16

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previous...

  • EPSS 0.01%
  • Published 03.12.2020 17:15:12
  • Last modified 21.11.2024 05:18:20

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

  • EPSS 8.03%
  • Published 12.11.2020 13:15:11
  • Last modified 21.11.2024 05:02:13

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to ...

  • EPSS 0.56%
  • Published 27.04.2020 14:15:11
  • Last modified 21.11.2024 05:40:45

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and...

  • EPSS 8.47%
  • Published 09.04.2020 03:15:11
  • Last modified 21.11.2024 04:58:20

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

Exploit
  • EPSS 4.89%
  • Published 09.04.2020 03:15:11
  • Last modified 21.11.2024 04:58:20

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

  • EPSS 1.85%
  • Published 07.04.2020 18:15:13
  • Last modified 21.11.2024 04:58:14

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free m...

  • EPSS 0.7%
  • Published 21.02.2020 22:15:10
  • Last modified 21.11.2024 05:40:25

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.