Oracle

Hyperion Infrastructure Technology

34 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-13871

Exploit
  • EPSS 2.44%
  • Veröffentlicht 06.06.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 05:02:02

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

9.8

CVE-2020-11656

  • EPSS 8.47%
  • Veröffentlicht 09.04.2020 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:58:20

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

7.5

CVE-2020-11655

Exploit
  • EPSS 4.89%
  • Veröffentlicht 09.04.2020 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:58:20

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

5.8

CVE-2020-1935

  • EPSS 1.01%
  • Veröffentlicht 24.02.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:38

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smug...

7.5

CVE-2020-9327

  • EPSS 0.7%
  • Veröffentlicht 21.02.2020 22:15:10
  • Zuletzt bearbeitet 21.11.2024 05:40:25

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

7.5

CVE-2019-17563

  • EPSS 3.26%
  • Veröffentlicht 23.12.2019 17:15:11
  • Zuletzt bearbeitet 21.11.2024 04:32:32

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be p...

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Veröffentlicht 08.11.2019 15:15:11
  • Zuletzt bearbeitet 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

5.5

CVE-2019-12415

  • EPSS 0.02%
  • Veröffentlicht 23.10.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:22:47

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E...

7.5

CVE-2019-12402

  • EPSS 0.38%
  • Veröffentlicht 30.08.2019 09:15:17
  • Zuletzt bearbeitet 21.11.2024 04:22:45

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names insi...

9.8

CVE-2019-13990

  • EPSS 10.42%
  • Veröffentlicht 26.07.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:25:50

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.