Oracle Blockchain Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Blockchain Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (40)
CVE-2021-2351 — CVSS 8.3 (high): Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2…
CVE-2020-8174 — CVSS 8.1 (high): napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
CVE-2020-24750 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-28052 — CVSS 8.1 (high): An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared…
CVE-2020-35490 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-35491 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-35728 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36179 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36180 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36181 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36182 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36183 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36184 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36185 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36186 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36187 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36188 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36189 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-24616 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-5245 — CVSS 7.9 (high): Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard…
CVE-2021-23017 — CVSS 7.7 (high): A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to…
CVE-2019-13565 — CVSS 7.5 (high): An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL…
CVE-2020-13935 — CVSS 7.5 (high): The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to…
CVE-2019-12399 — CVSS 7.5 (high): When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers…
CVE-2020-8277 — CVSS 7.5 (high): A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in…
CVE-2020-17527 — CVSS 7.5 (high): While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could…
CVE-2020-25649 — CVSS 7.5 (high): A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to…
CVE-2017-17740 — CVSS 7.5 (high): contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to…
CVE-2020-8172 — CVSS 7.4 (high): TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
CVE-2019-10086 — CVSS 7.3 (high): In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to…
CVE-2020-11022 — CVSS 6.9 (medium): In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM…
CVE-2017-9287 — CVSS 6.5 (medium): servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the…
CVE-2019-13057 — CVSS 4.9 (medium): An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges…
CVE-2021-29425 — CVSS 4.8 (medium): In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or…
CVE-2020-27218 — CVSS 4.8 (medium): In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request…
CVE-2017-14159 — CVSS 4.7 (medium): slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to…
CVE-2020-15719 — CVSS 4.2 (medium): libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125…
CVE-2020-11080 — CVSS 3.7 (low): In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack…