Oracle Customer Management Segmentation Foundation
By the Year
In 2024 there have been 0 vulnerabilities in Oracle Customer Management Segmentation Foundation. Customer Management Segmentation Foundation did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 1 | 6.50 |
2020 | 1 | 9.80 |
2019 | 6 | 9.00 |
2018 | 1 | 5.90 |
It may take a day or so for new Customer Management Segmentation Foundation vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Oracle Customer Management Segmentation Foundation Security Vulnerabilities
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely
CVE-2021-41973
6.5 - Medium
- November 01, 2021
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
Infinite Loop
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVE-2019-20330
9.8 - Critical
- January 03, 2020
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
Marshaling, Unmarshaling
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10
CVE-2019-17267
9.8 - Critical
- October 07, 2019
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
Marshaling, Unmarshaling
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10
CVE-2019-16335
9.8 - Critical
- September 15, 2019
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
Marshaling, Unmarshaling
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10
CVE-2019-14540
9.8 - Critical
- September 15, 2019
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Marshaling, Unmarshaling
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18
CVE-2019-12402
7.5 - High
- August 30, 2019
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
Infinite Loop
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which
CVE-2019-10086
7.3 - High
- August 20, 2019
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean.
Marshaling, Unmarshaling
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0
CVE-2019-13990
9.8 - Critical
- July 26, 2019
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
XXE
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers
CVE-2018-10237
5.9 - Medium
- April 26, 2018
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
Allocation of Resources Without Limits or Throttling