Customer Management Segmentation Foundation Oracle Customer Management Segmentation Foundation

Do you want an email whenever new security vulnerabilities are reported in Oracle Customer Management Segmentation Foundation?

By the Year

In 2022 there have been 0 vulnerabilities in Oracle Customer Management Segmentation Foundation . Last year Customer Management Segmentation Foundation had 1 security vulnerability published. Right now, Customer Management Segmentation Foundation is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 1 6.50
2020 1 9.80
2019 3 8.20
2018 1 5.90

It may take a day or so for new Customer Management Segmentation Foundation vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Customer Management Segmentation Foundation Security Vulnerabilities

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely

CVE-2021-41973 6.5 - Medium - November 01, 2021

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

Infinite Loop

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

CVE-2019-20330 9.8 - Critical - January 03, 2020

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

Marshaling, Unmarshaling

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18

CVE-2019-12402 7.5 - High - August 30, 2019

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

Infinite Loop

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which

CVE-2019-10086 7.3 - High - August 20, 2019

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

Marshaling, Unmarshaling

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0

CVE-2019-13990 9.8 - Critical - July 26, 2019

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

XXE

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers

CVE-2018-10237 5.9 - Medium - April 26, 2018

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Allocation of Resources Without Limits or Throttling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Virtualization Host or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

subscribe