Oracle Enterprise Repository
21 CVEs affecting Oracle Enterprise Repository. Latest disclosed: 2021-07-14. Critical: 5, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-1994 | Critical | 9.8 | 2021-01-20 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0… |
| CVE-2020-11998 | Critical | 9.8 | 2020-09-10 | A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that conta… |
| CVE-2019-2904 | Critical | 9.8 | 2019-10-16 | Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0… |
| CVE-2018-1000613 | Critical | 9.8 | 2018-07-09 | Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controll… |
| CVE-2018-8013 | Critical | 9.8 | 2018-05-24 | In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then… |
| CVE-2018-1258 | High | 8.8 | 2018-05-11 | Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An un… |
| CVE-2020-11987 | High | 8.2 | 2021-02-24 | Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argume… |
| CVE-2017-10048 | High | 8.2 | 2017-08-08 | Vulnerability in the Oracle Enterprise Repository component of Oracle Fusion Middleware (subcomponent: Web Interface). Supported versions that are affected are… |
| CVE-2019-17566 | High | 7.5 | 2020-11-12 | Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted arg… |
| CVE-2020-11979 | High | 7.5 | 2020-10-01 | As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access the… |
| CVE-2020-11994 | High | 7.5 | 2020-07-08 | Server-Side Template Injection and arbitrary file disclosure on Camel templating components |
| CVE-2019-0188 | High | 7.5 | 2019-05-28 | Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This… |
| CVE-2019-0222 | High | 7.5 | 2019-03-28 | In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. |
| CVE-2018-3246 | High | 7.5 | 2018-10-17 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are… |
| CVE-2018-1000180 | High | 7.5 | 2018-06-05 | Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pai… |
| CVE-2018-11775 | High | 7.4 | 2018-09-10 | TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Jav… |
| CVE-2020-1945 | Medium | 6.3 | 2020-05-14 | Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and… |
| CVE-2020-1941 | Medium | 6.1 | 2020-05-14 | In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. |
| CVE-2021-36374 | Medium | 5.5 | 2021-07-14 | When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of… |
| CVE-2021-36373 | Medium | 5.5 | 2021-07-14 | When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error… |