Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Filtered by product Communications Messaging Server
Total 41 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-9489 2 Apache, Oracle 5 Tika, Communications Messaging Server, Flexcube Private Banking and 2 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.
CVE-2020-9327 5 Canonical, Netapp, Oracle and 2 more 11 Ubuntu Linux, Cloud Backup, Communications Messaging Server and 8 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVE-2020-36189 4 Debian, Fasterxml, Netapp and 1 more 40 Debian Linux, Jackson-databind, Cloud Backup and 37 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVE-2020-28052 3 Apache, Bouncycastle, Oracle 20 Karaf, Legion-of-the-bouncy-castle-java-crytography-api, Banking Corporate Lending Process Management and 17 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
CVE-2020-25649 6 Apache, Fasterxml, Fedoraproject and 3 more 39 Iotdb, Jackson-databind, Fedora and 36 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CVE-2020-24750 3 Debian, Fasterxml, Oracle 26 Debian Linux, Jackson-databind, Agile Plm and 23 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CVE-2020-24616 4 Debian, Fasterxml, Netapp and 1 more 25 Debian Linux, Jackson-databind, Active Iq Unified Manager and 22 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CVE-2020-1951 4 Apache, Canonical, Debian and 1 more 6 Tika, Ubuntu Linux, Debian Linux and 3 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
CVE-2020-1950 4 Apache, Canonical, Debian and 1 more 6 Tika, Ubuntu Linux, Debian Linux and 3 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
CVE-2020-15358 5 Apple, Canonical, Oracle and 2 more 16 Icloud, Ipados, Iphone Os and 13 more 2024-11-21 2.1 LOW 5.5 MEDIUM
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
CVE-2020-13954 3 Apache, Netapp, Oracle 6 Cxf, Snap Creator Framework, Vasa Provider For Clustered Data Ontap and 3 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.
CVE-2020-13871 6 Debian, Fedoraproject, Netapp and 3 more 12 Debian Linux, Fedora, Cloud Backup and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVE-2020-11656 5 Netapp, Oracle, Siemens and 2 more 12 Ontap Select Deploy Administration Utility, Communications Messaging Server, Communications Network Charging And Control and 9 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVE-2020-11655 7 Canonical, Debian, Netapp and 4 more 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-11612 5 Debian, Fedoraproject, Netapp and 2 more 13 Debian Linux, Fedora, Oncommand Api Services and 10 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
CVE-2019-10219 3 Netapp, Oracle, Redhat 195 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 192 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVE-2019-0228 3 Apache, Fedoraproject, Oracle 14 James, Pdfbox, Fedora and 11 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
CVE-2017-5645 4 Apache, Netapp, Oracle and 1 more 79 Log4j, Oncommand Api Services, Oncommand Insight and 76 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2016-5455 1 Oracle 1 Communications Messaging Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors related to Multiplexor.
CVE-2014-7926 6 Canonical, Google, Icu-project and 3 more 9 Ubuntu Linux, Chrome, International Components For Unicode and 6 more 2024-11-21 7.5 HIGH N/A
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.