Skip to main content

Communications Diameter Intelligence Hub

13 CVEs product

Monthly

CVE-2021-40690 Maven HIGH PATCH This Week

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Java Santuario Xml Security For Java Cxf +16
NVD
CVSS 3.1
7.5
EPSS
11.2%
CVE-2021-2351 HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option Agile Engineering Data Management Agile Plm +108
NVD
CVSS 3.1
8.3
EPSS
2.5%
CVE-2021-36374 Maven MEDIUM PATCH This Month

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Apache Ant Agile Engineering Data Management +34
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2021-36090 Maven HIGH PATCH This Week

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Banking Apis Banking Digital Experience Banking Enterprise Default Management +30
NVD
CVSS 3.1
7.5
EPSS
12.9%
CVE-2021-35517 Maven HIGH PATCH This Week

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Apis +23
NVD
CVSS 3.1
7.5
EPSS
10.6%
CVE-2021-35516 Maven HIGH PATCH This Week

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Digital Experience +20
NVD
CVSS 3.1
7.5
EPSS
12.4%
CVE-2021-35515 Maven HIGH PATCH This Week

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Digital Experience +22
NVD
CVSS 3.1
7.5
EPSS
11.6%
CVE-2021-22118 Maven HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Java Spring Framework Commerce Guided Search Communications Brm Elastic Charging Engine +29
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-29425 Maven MEDIUM POC PATCH THREAT This Month

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Path Traversal Commons Io Debian Linux Access Manager +57
NVD
CVSS 3.1
4.8
EPSS
10.6%
CVE-2021-22696 Maven HIGH PATCH This Week

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Cxf Business Intelligence Communications Diameter Intelligence Hub +3
NVD
CVSS 3.1
7.5
EPSS
6.6%
CVE-2020-17530 Maven CRITICAL POC KEV PATCH THREAT Act Now

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache RCE Struts Business Intelligence Communications Diameter Intelligence Hub +5
NVD GitHub
CVSS 3.1
9.8
EPSS
95.9%
CVE-2020-1971 MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference Debian Linux Fedora +41
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2020-11971 Maven HIGH PATCH This Week

Apache Camel's JMX is vulnerable to Rebind Flaw. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Camel Communications Diameter Intelligence Hub Communications Diameter Signaling Router +2
NVD
CVSS 3.1
7.5
EPSS
14.3%
EPSS 11% CVSS 7.5
HIGH PATCH This Week

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Java +18
NVD
EPSS 2% CVSS 8.3
HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option +110
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Apache +36
NVD
EPSS 13% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Banking Apis +32
NVD
EPSS 11% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager +25
NVD
EPSS 12% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager +22
NVD
EPSS 12% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager +24
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Java Spring Framework +31
NVD
EPSS 11% CVSS 4.8
MEDIUM POC PATCH THREAT This Month

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Path Traversal Commons Io +59
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Cxf +5
NVD
EPSS 96% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache RCE Struts +7
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference +43
NVD VulDB
EPSS 14% CVSS 7.5
HIGH PATCH This Week

Apache Camel's JMX is vulnerable to Rebind Flaw. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Camel +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy