Oracle Primavera_gateway
59 CVEs affecting Oracle Primavera_gateway. Latest disclosed: 2023-01-18. Critical: 13, High: 26.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-17571 | Critical | 9.8 | 2019-12-20 | Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code… |
CVE-2019-17195 | Critical | 9.8 | 2019-10-15 | Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential informa… |
CVE-2019-17531 | Critical | 9.8 | 2019-10-12 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific… |
CVE-2019-17495 | Critical | 9.8 | 2019-10-10 | A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perf… |
CVE-2019-16943 | Critical | 9.8 | 2019-10-01 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific… |
CVE-2019-16942 | Critical | 9.8 | 2019-10-01 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific… |
CVE-2019-16335 | Critical | 9.8 | 2019-09-15 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different… |
CVE-2019-14540 | Critical | 9.8 | 2019-09-15 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. |
CVE-2019-14379 | Critical | 9.8 | 2019-07-29 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manage… |
CVE-2018-1275 | Critical | 9.8 | 2018-04-11 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocke… |
CVE-2018-1270 | Critical | 9.8 | 2018-04-06 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocke… |
CVE-2017-5645 | Critical | 9.8 | 2017-04-17 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially… |
CVE-2017-3508 | Critical | 9.1 | 2017-04-24 | Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are… |
CVE-2017-3500 | High | 8.7 | 2017-04-24 | Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are… |
CVE-2021-2351 | High | 8.3 | 2021-07-21 | Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Diffi… |
CVE-2020-36183 | High | 8.1 | 2021-01-07 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib… |
CVE-2020-36182 | High | 8.1 | 2021-01-07 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpd… |
CVE-2020-36180 | High | 8.1 | 2021-01-07 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsada… |
CVE-2020-36179 | High | 8.1 | 2021-01-07 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpd… |
CVE-2020-36189 | High | 8.1 | 2021-01-06 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.l… |