Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-23337 |
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Published: February 15, 2021; 8:15:12 AM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2020-28500 |
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Published: February 15, 2021; 6:15:12 AM -0500 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2020-28052 |
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. Published: December 17, 2020; 8:15:12 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-8174 |
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. Published: July 24, 2020; 6:15:12 PM -0400 |
V3.1: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2020-8203 |
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. Published: July 15, 2020; 1:15:11 PM -0400 |
V3.1: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2020-8172 |
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. Published: June 08, 2020; 10:15:13 AM -0400 |
V3.1: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2020-11080 |
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. Published: June 03, 2020; 7:15:11 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-10531 |
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. Published: March 12, 2020; 3:15:13 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-10744 |
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. Published: July 25, 2019; 8:15:11 PM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |