Oracle Fusion_middleware_mapviewer
13 CVEs affecting Oracle Fusion_middleware_mapviewer. Latest disclosed: 2021-04-13. Critical: 4, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-13990 | Critical | 9.8 | 2019-07-26 | initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. |
| CVE-2018-2943 | Critical | 9.8 | 2018-07-18 | Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected… |
| CVE-2018-8013 | Critical | 9.8 | 2018-05-24 | In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then… |
| CVE-2017-5645 | Critical | 9.8 | 2017-04-17 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially… |
| CVE-2017-3230 | High | 8.6 | 2017-04-24 | Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected… |
| CVE-2020-11987 | High | 8.2 | 2021-02-24 | Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argume… |
| CVE-2020-14608 | High | 8.2 | 2020-07-15 | Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). The supported version that is affected is… |
| CVE-2019-17566 | High | 7.5 | 2020-11-12 | Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted arg… |
| CVE-2020-14607 | Medium | 6.1 | 2020-07-15 | Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). Supported versions that are affected are… |
| CVE-2019-10219 | Medium | 6.1 | 2019-11-08 | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious cod… |
| CVE-2019-11358 | Medium | 6.1 | 2019-04-20 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an… |
| CVE-2015-9251 | Medium | 6.1 | 2018-01-18 | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text… |
| CVE-2021-29425 | Medium | 4.8 | 2021-04-13 | In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result wou… |