Oracle

Communications Messaging Server

23 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.59%
  • Published 18.08.2021 15:15:08
  • Last modified 21.11.2024 06:15:46

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the par...

  • EPSS 0.28%
  • Published 13.07.2021 08:15:07
  • Last modified 21.11.2024 06:13:08

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services th...

  • EPSS 0.28%
  • Published 13.07.2021 08:15:07
  • Last modified 21.11.2024 06:12:25

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services th...

  • EPSS 0.28%
  • Published 13.07.2021 08:15:07
  • Last modified 21.11.2024 06:12:25

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services tha...

  • EPSS 0.11%
  • Published 13.07.2021 08:15:07
  • Last modified 21.11.2024 06:12:25

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Media report Exploit
  • EPSS 0.08%
  • Published 16.06.2021 12:15:12
  • Last modified 21.11.2024 06:09:37

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

  • EPSS 0.4%
  • Published 16.06.2021 12:15:12
  • Last modified 21.11.2024 06:03:58

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF vers...

  • EPSS 0.04%
  • Published 12.06.2021 10:15:07
  • Last modified 21.11.2024 06:06:16

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

  • EPSS 0.41%
  • Published 12.06.2021 10:15:07
  • Last modified 21.11.2024 06:06:16

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

  • EPSS 0.3%
  • Published 31.03.2021 08:15:11
  • Last modified 21.11.2024 06:00:02

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.