Utilities Framework Security Vulnerabilities and Issues — Utilities Framework CVE List

Lucene search

OracleUtilities Framework

21 matches found

CVE•added 2021/12/18 12:15 p.m.•1031 views

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

5.9CVSS7.7AI score0.65644EPSS

CVE•added 2021/08/23 6:15 p.m.•758 views

CVE-2021-39144

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS9AI score0.94412EPSS

CVE•added 2021/07/14 7:15 a.m.•548 views

CVE-2021-36374

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives a...

5.5CVSS6.2AI score0.00172EPSS

CVE•added 2021/06/01 8:15 p.m.•348 views

CVE-2021-31684

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.

7.5CVSS7.1AI score0.00082EPSS

CVE•added 2021/08/23 6:15 p.m.•310 views

CVE-2021-39139

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the ...

8.8CVSS8.8AI score0.00673EPSS

CVE•added 2021/08/23 7:15 p.m.•297 views

CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No...

8.5CVSS8.6AI score0.67834EPSS

CVE•added 2021/02/23 2:15 a.m.•293 views

CVE-2021-27568

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive info...

5.9CVSS6AI score0.0052EPSS

CVE•added 2021/08/23 6:15 p.m.•292 views

CVE-2021-39151

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS8.8AI score0.00569EPSS

CVE•added 2021/08/23 6:15 p.m.•281 views

CVE-2021-39141

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS8.8AI score0.81843EPSS

CVE•added 2021/08/23 7:15 p.m.•279 views

CVE-2021-39140

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulat...

6.5CVSS7.3AI score0.00118EPSS

CVE•added 2021/08/23 7:15 p.m.•279 views

CVE-2021-39150

8.5CVSS8.6AI score0.01952EPSS

CVE•added 2021/08/23 6:15 p.m.•268 views

CVE-2021-39145

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS8.8AI score0.00496EPSS

CVE•added 2021/08/23 6:15 p.m.•266 views

CVE-2021-39149

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS8.8AI score0.00569EPSS

CVE•added 2021/08/23 6:15 p.m.•261 views

CVE-2021-39146

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS8.8AI score0.44883EPSS

CVE•added 2021/08/23 6:15 p.m.•257 views

CVE-2021-39147

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS8.8AI score0.00483EPSS

CVE•added 2021/08/23 6:15 p.m.•256 views

CVE-2021-39153

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime ve...

8.5CVSS8.9AI score0.00569EPSS

CVE•added 2021/08/23 6:15 p.m.•251 views

CVE-2021-39154

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS8.8AI score0.006EPSS

CVE•added 2021/08/23 6:15 p.m.•244 views

CVE-2021-39148

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to ...

8.5CVSS8.8AI score0.00483EPSS

CVE•added 2021/07/14 7:15 a.m.•235 views

CVE-2021-36373

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

5.5CVSS6.1AI score0.00127EPSS

CVE•added 2021/07/21 3:15 p.m.•211 views

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. S...

8.3CVSS8.5AI score0.03639EPSS

CVE•added 2021/01/20 3:15 p.m.•128 views

CVE-2020-14756

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP,...

9.8CVSS9.3AI score0.87201EPSS