Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Blockchain_platform
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 39 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-24 | CVE-2020-5245 | Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2. | Dropwizard_validation, Blockchain_platform | 8.8 | ||
| 2020-06-08 | CVE-2020-8172 | TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. | Node\.js, Banking_extensibility_workbench, Blockchain_platform, Graalvm, Mysql_cluster | 7.4 | ||
| 2020-07-14 | CVE-2020-15719 | libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux. | Policy_auditor, Openldap, Leap, Blockchain_platform, Enterprise_linux | 4.2 | ||
| 2020-07-24 | CVE-2020-8174 | napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. | Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Node\.js, Banking_extensibility_workbench, Blockchain_platform, Mysql_cluster, Retail_xstore_point_of_service | 8.1 |