Oracle

Communications Session Report Manager

69 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-28165

Exploit
  • EPSS 13.15%
  • Published 01.04.2021 15:15:14
  • Last modified 27.08.2025 21:15:37

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

4

CVE-2021-28163

Exploit
  • EPSS 0.21%
  • Published 01.04.2021 15:15:14
  • Last modified 21.11.2024 05:59:12

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps thems...

5.5

CVE-2021-27906

  • EPSS 0.54%
  • Published 19.03.2021 16:15:13
  • Last modified 21.11.2024 05:58:45

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5

CVE-2021-27807

  • EPSS 0.54%
  • Published 19.03.2021 16:15:13
  • Last modified 21.11.2024 05:58:36

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

6.1

CVE-2020-13947

  • EPSS 8.02%
  • Published 08.02.2021 22:15:12
  • Last modified 21.11.2024 05:02:12

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.

7.5

CVE-2021-26117

  • EPSS 16.3%
  • Published 27.01.2021 19:15:13
  • Last modified 21.11.2024 05:55:53

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is...

8.1

CVE-2020-36183

Exploit
  • EPSS 2.72%
  • Published 07.01.2021 00:15:15
  • Last modified 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

8.1

CVE-2020-36182

Exploit
  • EPSS 2.51%
  • Published 07.01.2021 00:15:14
  • Last modified 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.1

CVE-2020-36180

Exploit
  • EPSS 2.72%
  • Published 07.01.2021 00:15:14
  • Last modified 21.11.2024 05:28:54

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.1

CVE-2020-36179

Exploit
  • EPSS 61.3%
  • Published 07.01.2021 00:15:14
  • Last modified 21.11.2024 05:28:54

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.