Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Filtered by product Communications Messaging Server
Total 41 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36189 4 Debian, Fasterxml, Netapp and 1 more 40 Debian Linux, Jackson-databind, Cloud Backup and 37 more 2024-02-28 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVE-2020-13954 3 Apache, Netapp, Oracle 6 Cxf, Snap Creator Framework, Vasa Provider For Clustered Data Ontap and 3 more 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.
CVE-2021-27807 3 Apache, Fedoraproject, Oracle 15 Pdfbox, Fedora, Banking Trade Finance Process Management and 12 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVE-2021-27906 3 Apache, Fedoraproject, Oracle 19 Pdfbox, Fedora, Banking Corporate Lending Process Management and 16 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVE-2020-15358 5 Apple, Canonical, Oracle and 2 more 16 Icloud, Ipados, Iphone Os and 13 more 2024-02-28 2.1 LOW 5.5 MEDIUM
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
CVE-2020-11656 5 Netapp, Oracle, Siemens and 2 more 12 Ontap Select Deploy Administration Utility, Communications Messaging Server, Communications Network Charging And Control and 9 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVE-2020-1951 4 Apache, Canonical, Debian and 1 more 6 Tika, Ubuntu Linux, Debian Linux and 3 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
CVE-2020-9489 2 Apache, Oracle 5 Tika, Communications Messaging Server, Flexcube Private Banking and 2 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.
CVE-2020-24616 4 Debian, Fasterxml, Netapp and 1 more 25 Debian Linux, Jackson-databind, Active Iq Unified Manager and 22 more 2024-02-28 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CVE-2020-13871 6 Debian, Fedoraproject, Netapp and 3 more 12 Debian Linux, Fedora, Cloud Backup and 9 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVE-2020-11612 5 Debian, Fedoraproject, Netapp and 2 more 13 Debian Linux, Fedora, Oncommand Api Services and 10 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
CVE-2020-11655 7 Canonical, Debian, Netapp and 4 more 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-24750 3 Debian, Fasterxml, Oracle 26 Debian Linux, Jackson-databind, Agile Plm and 23 more 2024-02-28 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CVE-2020-1950 4 Apache, Canonical, Debian and 1 more 6 Tika, Ubuntu Linux, Debian Linux and 3 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
CVE-2019-10219 3 Netapp, Oracle, Redhat 195 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 192 more 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVE-2020-9327 5 Canonical, Netapp, Oracle and 2 more 11 Ubuntu Linux, Cloud Backup, Communications Messaging Server and 8 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVE-2019-0228 3 Apache, Fedoraproject, Oracle 14 James, Pdfbox, Fedora and 11 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
CVE-2017-5645 4 Apache, Netapp, Oracle and 1 more 79 Log4j, Oncommand Api Services, Oncommand Insight and 76 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2016-5455 1 Oracle 1 Communications Messaging Server 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors related to Multiplexor.
CVE-2014-7923 6 Canonical, Google, Icu-project and 3 more 9 Ubuntu Linux, Chrome, International Components For Unicode and 6 more 2024-02-28 7.5 HIGH N/A
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.