Lucene search

K

WebCenter Portal Security Vulnerabilities

cve
cve

CVE-2024-20992

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter...

4.4CVSS

5.6AI Score

0.0004EPSS

2024-04-16 10:15 PM
25
cve
cve

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue...

5.9CVSS

7.5AI Score

0.966EPSS

2021-12-18 12:15 PM
751
In Wild
4
cve
cve

CVE-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result.....

8.2CVSS

5.3AI Score

0.003EPSS

2021-11-17 08:15 PM
95
cve
cve

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result....

8.2CVSS

5.3AI Score

0.004EPSS

2021-11-17 07:15 PM
325
4
cve
cve

CVE-2021-37136

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS...

7.5CVSS

7.4AI Score

0.007EPSS

2021-10-19 03:15 PM
264
5
cve
cve

CVE-2021-37137

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...

7.5CVSS

7.4AI Score

0.007EPSS

2021-10-19 03:15 PM
238
3
cve
cve

CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8....

8.5CVSS

8.4AI Score

0.012EPSS

2021-08-23 07:15 PM
183
2
cve
cve

CVE-2021-39150

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8....

8.5CVSS

8.4AI Score

0.011EPSS

2021-08-23 07:15 PM
190
6
cve
cve

CVE-2021-39140

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...

6.5CVSS

7.1AI Score

0.018EPSS

2021-08-23 07:15 PM
177
2
cve
cve

CVE-2021-39153

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime...

8.5CVSS

8.8AI Score

0.025EPSS

2021-08-23 06:15 PM
166
cve
cve

CVE-2021-39154

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to....

8.5CVSS

8.7AI Score

0.025EPSS

2021-08-23 06:15 PM
169
cve
cve

CVE-2021-39151

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to....

8.5CVSS

8.7AI Score

0.025EPSS

2021-08-23 06:15 PM
182
cve
cve

CVE-2021-39149

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to....

8.5CVSS

8.7AI Score

0.025EPSS

2021-08-23 06:15 PM
180
cve
cve

CVE-2021-39145

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to....

8.5CVSS

8.7AI Score

0.019EPSS

2021-08-23 06:15 PM
177
3
cve
cve

CVE-2021-39148

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to....

8.5CVSS

8.7AI Score

0.025EPSS

2021-08-23 06:15 PM
165
cve
cve

CVE-2021-39146

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to....

8.5CVSS

8.7AI Score

0.274EPSS

2021-08-23 06:15 PM
176
cve
cve

CVE-2021-39147

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to....

8.5CVSS

8.7AI Score

0.025EPSS

2021-08-23 06:15 PM
171
cve
cve

CVE-2021-39141

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to....

8.5CVSS

8.7AI Score

0.254EPSS

2021-08-23 06:15 PM
188
8
cve
cve

CVE-2021-39144

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to....

8.5CVSS

8.9AI Score

0.972EPSS

2021-08-23 06:15 PM
607
In Wild
8
cve
cve

CVE-2021-39139

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the....

8.8CVSS

8.8AI Score

0.035EPSS

2021-08-23 06:15 PM
204
2
cve
cve

CVE-2021-37714

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until...

7.5CVSS

7.1AI Score

0.009EPSS

2021-08-18 03:15 PM
349
6
cve
cve

CVE-2021-35516

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz...

7.5CVSS

7.2AI Score

0.025EPSS

2021-07-13 08:15 AM
210
9
cve
cve

CVE-2021-36090

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip...

7.5CVSS

7.4AI Score

0.01EPSS

2021-07-13 08:15 AM
291
13
cve
cve

CVE-2021-35517

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar...

7.5CVSS

7.3AI Score

0.014EPSS

2021-07-13 08:15 AM
221
9
cve
cve

CVE-2021-29505

XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to.....

8.8CVSS

8.6AI Score

0.048EPSS

2021-05-28 09:15 PM
281
10
cve
cve

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path...

4.8CVSS

5.5AI Score

0.002EPSS

2021-04-13 07:15 AM
339
In Wild
26
cve
cve

CVE-2021-28657

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or...

5.5CVSS

5.5AI Score

0.001EPSS

2021-03-31 08:15 AM
110
11
cve
cve

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the.....

9.1CVSS

9.5AI Score

0.644EPSS

2021-03-23 12:15 AM
243
5
cve
cve

CVE-2021-21350

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to...

9.8CVSS

9.6AI Score

0.015EPSS

2021-03-23 12:15 AM
239
7
cve
cve

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup.....

7.5CVSS

8.3AI Score

0.023EPSS

2021-03-23 12:15 AM
226
8
cve
cve

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

8.6CVSS

8.9AI Score

0.015EPSS

2021-03-23 12:15 AM
232
5
cve
cve

CVE-2021-21347

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who...

9.8CVSS

9.5AI Score

0.015EPSS

2021-03-23 12:15 AM
228
5
cve
cve

CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

9.1CVSS

9.2AI Score

0.008EPSS

2021-03-23 12:15 AM
318
6
cve
cve

CVE-2021-21346

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who...

9.8CVSS

9.5AI Score

0.015EPSS

2021-03-23 12:15 AM
236
6
cve
cve

CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

7.5CVSS

8.3AI Score

0.011EPSS

2021-03-23 12:15 AM
320
8
cve
cve

CVE-2021-21343

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

7.5CVSS

8.2AI Score

0.005EPSS

2021-03-23 12:15 AM
314
5
cve
cve

CVE-2021-21345

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

9.9CVSS

9.5AI Score

0.3EPSS

2021-03-23 12:15 AM
251
10
cve
cve

CVE-2021-21344

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who...

9.8CVSS

9.5AI Score

0.015EPSS

2021-03-23 12:15 AM
237
5
cve
cve

CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
225
7
cve
cve

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
221
6
cve
cve

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.004EPSS

2021-01-07 12:15 AM
222
16
cve
cve

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
224
12
cve
cve

CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
217
6
cve
cve

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
206
6
cve
cve

CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
210
7
cve
cve

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
211
5
cve
cve

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
202
7
cve
cve

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
212
6
cve
cve

CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
213
4
cve
cve

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in...

8.1CVSS

7.7AI Score

0.007EPSS

2020-12-27 05:15 AM
223
19
Total number of security vulnerabilities100