Oracle Banking_party_management
16 CVEs affecting Oracle Banking_party_management. Latest disclosed: 2022-01-24. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-13936 | High | 8.8 | 2021-03-10 | An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account… |
| CVE-2021-32808 | High | 7.6 | 2021-08-12 | ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside… |
| CVE-2021-36090 | High | 7.5 | 2021-07-13 | When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for ve… |
| CVE-2021-35517 | High | 7.5 | 2021-07-13 | When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for ve… |
| CVE-2021-35516 | High | 7.5 | 2021-07-13 | When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for ver… |
| CVE-2021-35515 | High | 7.5 | 2021-07-13 | When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used… |
| CVE-2021-37695 | High | 7.3 | 2021-08-13 | ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ck… |
| CVE-2022-23437 | Medium | 6.5 | 2022-01-24 | There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML… |
| CVE-2021-43797 | Medium | 6.5 | 2021-12-09 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty pr… |
| CVE-2021-26272 | Medium | 6.5 | 2021-01-26 | It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then pr… |
| CVE-2021-35043 | Medium | 6.1 | 2021-07-19 | OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript… |
| CVE-2020-27193 | Medium | 6.1 | 2020-11-12 | A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading… |
| CVE-2019-10219 | Medium | 6.1 | 2019-11-08 | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious cod… |
| CVE-2021-45105 | Medium | 5.9 | 2021-12-18 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This a… |
| CVE-2021-29425 | Medium | 4.8 | 2021-04-13 | In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result wou… |
| CVE-2021-32809 | Medium | 4.6 | 2021-08-12 | ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckedi… |