Oracle Banking Supply Chain Finance 14.3.0
Approved changes feed: RSS · Atom
cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*
part: a version: 14.3.0 update: *
| Vendor | Oracle (3509f9eb-d8a0-57da-b153-b8021021b133) |
|---|---|
| Product | Banking Supply Chain Finance (c0fc34ba-2bdc-53a9-87e6-822e7d090ff8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-31812 |
vulnerable | 2026-06-03 14:44:33.564844 |
A carefully crafted PDF file can trigger an infinite loop while loading the file
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
Published: 2021-06-12T09:45:11.000Z
Updated: 2024-08-03T23:10:30.239Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31811 |
vulnerable | 2026-06-03 14:44:33.561120 |
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
Published: 2021-06-12T09:45:11.000Z
Updated: 2024-08-03T23:10:30.183Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-27906 |
vulnerable | 2026-06-03 14:44:17.032168 |
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
Published: 2021-03-19T16:05:21.000Z
Updated: 2025-02-13T16:27:57.655Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-23337 |
vulnerable | 2026-06-03 14:43:55.094362 |
Command Injection
HIGH (7.2)
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Published: 2021-02-15T12:15:14.715Z
Updated: 2024-09-16T19:15:17.074Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-8203 |
vulnerable | 2026-06-03 14:43:08.321524 |
Details available
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Published: 2020-07-15T16:10:27.000Z
Updated: 2024-08-04T09:56:28.214Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5413 |
vulnerable | 2026-06-03 14:42:56.417281 |
Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets"
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive against blocking unknown "deserialization gadgets" when configuring Kryo in code.
Published: 2020-07-31T19:40:19.970Z
Updated: 2024-09-16T16:22:53.854Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-28500 |
vulnerable | 2026-06-03 14:42:21.412517 |
Regular Expression Denial of Service (ReDoS)
MEDIUM (5.3)
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Published: 2021-02-15T11:10:16.225Z
Updated: 2024-09-16T22:15:52.206Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-28052 |
vulnerable | 2026-06-03 14:42:19.015826 |
Details available
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
Published: 2020-12-18T00:52:48.000Z
Updated: 2024-08-04T16:33:56.942Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-24750 |
vulnerable | 2026-06-03 14:42:08.092613 |
Details available
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
Published: 2020-09-17T18:39:40.000Z
Updated: 2024-08-04T15:19:09.375Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.