CVE-2021-37714 vulnerabilities and exploits

(subscribe to Jsoup)

jsoup is a Java library for working with HTML. Those using jsoup versions before 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinit...

Jsoup Jsoup Quarkus Quarkus Oracle Banking Trade Finance 14.5 Oracle Banking Treasury Management 14.5 Oracle Business Process Management Suite 12.2.1.3.0 Oracle Business Process Management Suite 12.2.1.4.0 Oracle Flexcube Universal Banking Oracle Flexcube Universal Banking 14.5 Oracle Hospitality Token Proxy Service 19.2 Oracle Peoplesoft Enterprise Peopletools 8.58 Oracle Peoplesoft Enterprise Peopletools 8.59 Oracle Primavera Unifier 20.12

The OWASP Java HTML Sanitizer prior to 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

Owasp Java Html Sanitizer Oracle Middleware Common Libraries And Tools 12.2.1.3.0 Oracle Middleware Common Libraries And Tools 12.2.1.4.0 Oracle Primavera Unifier Oracle Primavera Unifier 18.8 Oracle Primavera Unifier 19.12 Oracle Primavera Unifier 20.12 Oracle Primavera Unifier 21.12

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Vmware Spring Framework Netapp Active Iq Unified Manager -Netapp Management Services For Element Software And Netapp Hci -Netapp Metrocluster Tiebreaker -Netapp Snap Creator Framework -Netapp Snapcenter -Oracle Communications Cloud Native Core Console 1.9.0 Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0

1 Github repository

A flaw was found in Keycloak in versions from 12.0.0 and prior to 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.

Redhat Keycloak

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an malicious user to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions before 3.4.4; Apach...

Apache Cxf Apache Tomee 8.0.6 Oracle Business Intelligence 5.5.0.0.0 Oracle Business Intelligence 5.9.0.0.0 Oracle Business Intelligence 12.2.1.3.0 Oracle Business Intelligence 12.2.1.4.0 Oracle Communications Element Manager 8.2.2 Oracle Communications Messaging Server 8.1

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack

Netty Netty Quarkus Quarkus Oracle Banking Apis Oracle Banking Apis 19.1 Oracle Banking Apis 19.2 Oracle Banking Apis 20.1 Oracle Banking Apis 21.1 Oracle Banking Digital Experience 18.1 Oracle Banking Digital Experience 18.2 Oracle Banking Digital Experience 18.3 Oracle Banking Digital Experience 19.1 Oracle Banking Digital Experience 19.2

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of inpu...

Vmware Spring Framework Oracle Communications Cloud Native Core Console 1.9.0 Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0

1 Github repository

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request ...

Eclipse Jetty Eclipse Jetty 10.0.0 Eclipse Jetty 11.0.0 Netapp Oncommand System Manager Netapp Snap Creator Framework -Oracle Blockchain Platform Oracle Communications Converged Application Server - Service Controller 6.2 Oracle Communications Offline Mediation Controller 12.0.0.3.0 Oracle Communications Pricing Design Center 12.0.0.3.0 Oracle Communications Services Gatekeeper 7.0 Oracle Communications Session Route Manager Oracle Flexcube Private Banking 12.0.0

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can ...

Netty Netty Oracle Banking Apis Oracle Banking Apis 19.1 Oracle Banking Apis 19.2 Oracle Banking Apis 20.1 Oracle Banking Apis 21.1 Oracle Banking Digital Experience 18.1 Oracle Banking Digital Experience 18.2 Oracle Banking Digital Experience 18.3 Oracle Banking Digital Experience 19.1 Oracle Banking Digital Experience 19.2 Oracle Banking Digital Experience 20.1

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

Fasterxml Jackson-mapper-asl Redhat Jboss Enterprise Application Platform 7.0 Redhat Jboss Fuse 7.0.0 Debian Debian Linux 8.0 Debian Debian Linux 9.0 Apache Spark 3.0.1

1 Github repository

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook