Oracle Banking Extensibility Workbench 14.3.0

CPE Details

Oracle Banking Extensibility Workbench 14.3.0
oracle
banking_extensibility_workbench
14.3.0
2021-03-04
18h44 +00:00
2021-03-18
14h24 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

banking_extensibility_workbench

Version

14.3.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-23337 2021-02-15 12h15 +00:00 Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
7.2
High
CVE-2020-28500 2021-02-15 11h10 +00:00 Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
5.3
Medium
CVE-2020-28052 2020-12-17 23h52 +00:00 An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
8.1
High
CVE-2020-8174 2020-07-24 19h45 +00:00 napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
8.1
High
CVE-2020-8203 2020-07-15 14h10 +00:00 Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
7.4
High
CVE-2020-8172 2020-06-08 11h08 +00:00 TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
7.4
High
CVE-2020-11080 2020-06-02 22h00 +00:00 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.
7.5
High
CVE-2020-10531 2020-03-12 17h09 +00:00 An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
8.8
High
CVE-2019-10744 2019-07-25 21h43 +00:00 Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
9.1
Critical