Oracle Hyperion Infrastructure Technology vulnerabilities
34 known vulnerabilities affecting oracle/hyperion_infrastructure_technology.
Total CVEs: 34
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown
CRITICAL 5, HIGH 13, MEDIUM 15, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2020-13871 [HIGH] CVSS 7.5 | CWE-416 | v11.1.2.4 | 2020-06-06
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
nvd
CVE-2020-11656 [CRITICAL] CVSS 9.8 | CWE-416 | v11.1.2.4 | 2020-04-09
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
nvd
CVE-2020-11655 [HIGH] CVSS 7.5 | CWE-665 | v11.1.2.4 | 2020-04-09
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
nvd
CVE-2020-1935 [MEDIUM] CVSS 4.8 | CWE-444 | v11.1.2.4 | 2020-02-24
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encodi
nvd
CVE-2020-9327 [HIGH] CVSS 7.5 | CWE-476 | v11.1.2.4 | 2020-02-21
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
nvd
CVE-2019-17563 [HIGH] CVSS 7.5 | CWE-384 | v11.1.2.4 | 2019-12-23
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
nvd
CVE-2019-10219 [MEDIUM] CVSS 6.1 | CWE-79 | v11.2.7.0 | 2019-11-08
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
nvd
CVE-2019-12415 [MEDIUM] CVSS 5.5 | CWE-611 | v11.1.2.4 | 2019-10-23
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
nvd
CVE-2019-12402 [HIGH] CVSS 7.5 | CWE-835 | v11.1.2.4 | 2019-08-30
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
nvd
CVE-2019-13990 [CRITICAL] CVSS 9.8 | CWE-611 | v11.1.2.4 | 2019-07-26
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
nvd
CVE-2018-14550 [HIGH] CVSS 8.8 | CWE-787 | v11.1.2.6.0 | 2019-07-10
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
nvd
CVE-2019-2729 [CRITICAL] CVSS 9.8 | Exploited | PoC | CWE-284 | v11.1.2.4, v11.2.5.0 | 2019-06-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this
nvd
CVE-2019-5427 [HIGH] CVSS 7.5 | CWE-776 | v11.1.2.4 | 2019-04-22
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
nvd
CVE-2019-7317 [MEDIUM] CVSS 5.3 | CWE-416 | v11.2.6.0 | 2019-02-04
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
nvd