Shodan
Vulnerabilities
Vulnerable Software
Oracle:  >> Banking Extensibility Workbench  >> 14.3.0  Security Vulnerabilities
CVE-2021-23337
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVSS Score
7.2
EPSS Score
0.003
Published
2021-02-15
CVE-2020-28500
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-02-15
CVE-2020-28052
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
CVSS Score
8.1
EPSS Score
0.058
Published
2020-12-18
CVE-2020-8174
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
CVSS Score
8.1
EPSS Score
0.006
Published
2020-07-24
CVE-2020-8203
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVSS Score
7.4
EPSS Score
0.02
Published
2020-07-15
CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
CVSS Score
7.4
EPSS Score
0.005
Published
2020-06-08
CVE-2020-11080
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.
CVSS Score
3.7
EPSS Score
0.007
Published
2020-06-03
CVE-2020-10531
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
CVSS Score
8.8
EPSS Score
0.006
Published
2020-03-12
CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CVSS Score
9.1
EPSS Score
0.012
Published
2019-07-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved