Oracle Utilities Testing Accelerator vulnerabilities

CVE-2021-4104 [HIGH] CWE-502 CVE-2021-4104: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has wr JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228.

CVE-2021-39154 [HIGH] CWE-434 CVE-2021-39154: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39153 [HIGH] CWE-434 CVE-2021-39153: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is aff

CVE-2021-39152 [HIGH] CWE-502 CVE-2021-39152: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to

CVE-2021-39141 [HIGH] CWE-434 CVE-2021-39141: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39146 [HIGH] CWE-434 CVE-2021-39146: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39139 [HIGH] CWE-434 CVE-2021-39139: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario c

CVE-2021-39149 [HIGH] CWE-434 CVE-2021-39149: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39144 [HIGH] CWE-94 CVE-2021-39144: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist lim

CVE-2021-39147 [HIGH] CWE-434 CVE-2021-39147: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39150 [HIGH] CWE-502 CVE-2021-39150: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to

CVE-2021-39145 [HIGH] CWE-434 CVE-2021-39145: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39151 [HIGH] CWE-434 CVE-2021-39151: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39148 [HIGH] CWE-434 CVE-2021-39148: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist li

CVE-2021-39140 [MEDIUM] CWE-502 CVE-2021-39140: XStream is a simple library to serialize objects to XML and back again. In affected versions this vu XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected,

CVE-2021-2351 [HIGH] CWE-327 CVE-2021-2351: Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versi Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a perso

CVE-2021-36373 [MEDIUM] CWE-130 CVE-2021-36373: When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amoun When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

CVE-2021-36374 [MEDIUM] CWE-130 CVE-2021-36374: When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apac

CVE-2021-35515 [HIGH] CWE-834 CVE-2021-35515: When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

CVE-2021-36090 [HIGH] CWE-130 CVE-2021-36090: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memo When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.