threat
engine
.sh
Back
·
··:··
Home
/
Product
/
oracle banking apis
Product
oracle banking apis
14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2021-41165
>= 18.1 and <= 18.3
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processi
8.2
HIGH
CVE-2021-41164
>= 18.1 and <= 18.3
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content
8.2
HIGH
CVE-2021-37137
>= 18.1 and <= 18.3
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also
7.5
HIGH
CVE-2021-37136
>= 18.1 and <= 18.3
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects th
7.5
HIGH
CVE-2021-2351
>= 18.1 and <= 18.3
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1
8.3
HIGH
CVE-2021-36090
>= 18.1 and <= 18.3
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou
7.5
HIGH
CVE-2021-35517
>= 18.1 and <= 18.3
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an ou
7.5
HIGH
CVE-2021-29425
all versions
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",
4.8
MEDIUM
CVE-2021-28164
all versions
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %
5.3
MEDIUM
CVE-2021-28163
all versions
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is
2.7
LOW
CVE-2020-11987
all versions
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By usi
8.2
HIGH
CVE-2020-25649
>= 18.1 and <= 18.3
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerab
7.5
HIGH
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1
MEDIUM
CVE-2019-17495
>= 18.1 and <= 18.3
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Over
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin