Skip to main content

Coherence

14 CVEs product

Monthly

CVE-2022-21420 CRITICAL Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Coherence
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-43797 Maven MEDIUM PATCH This Month

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Netty Quarkus Oncommand Workflow Automation +15
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2021-37136 Maven HIGH PATCH This Week

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Netty Quarkus Banking Apis Banking Digital Experience +15
NVD GitHub
CVSS 3.1
7.5
EPSS
5.7%
CVE-2021-2428 HIGH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Information Disclosure Coherence
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-2371 HIGH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Coherence
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-2344 HIGH PATCH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Coherence
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-2277 HIGH PATCH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Coherence
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-21409 Maven MEDIUM PATCH This Month

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Netty Debian Linux Oncommand Api Services +15
NVD GitHub
CVSS 3.1
5.9
EPSS
4.9%
CVE-2020-25649 Maven HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services Oncommand Workflow Automation Service Level Manager +35
NVD GitHub
CVSS 3.1
7.5
EPSS
17.6%
CVE-2020-14642 HIGH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: CacheStore). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Coherence
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-2949 MEDIUM This Month

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Coherence
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-2915 CRITICAL Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Coherence
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-2555 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Deserialization Access Manager Coherence Commerce Platform +6
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.1%
CVE-2018-20301 MEDIUM This Month

An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Coherence
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Coherence
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Netty +17
NVD GitHub
EPSS 6% CVSS 7.5
HIGH PATCH This Week

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Netty Quarkus +17
NVD GitHub
EPSS 2% CVSS 8.1
HIGH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Information Disclosure Coherence
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Coherence
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Coherence
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Coherence
NVD
EPSS 5% CVSS 5.9
MEDIUM PATCH This Month

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Netty +17
NVD GitHub
EPSS 18% CVSS 7.5
HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services +37
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: CacheStore). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Coherence
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Coherence
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Coherence
NVD
EPSS 97% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Deserialization Access Manager +8
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Coherence
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy