Oracle Stream Analytics 19c

CPE Details

Oracle Stream Analytics 19c
oracle
stream_analytics
19c
2022-08-03
11h30 +00:00
2022-08-12
18h37 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:stream_analytics:19c:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

stream_analytics

Version

19c

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-37714 2021-08-18 13h10 +00:00 jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
7.5
High
CVE-2021-34429 2021-07-15 15h00 +00:00 For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
5.3
Medium