Oracle Rapid_planning
18 CVEs affecting Oracle Rapid_planning. Latest disclosed: 2021-07-21. Critical: 6, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-10683 | Critical | 9.8 | 2020-05-01 | dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular exte… |
CVE-2020-2555 | Critical | 9.8 | 2020-01-15 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are… |
CVE-2019-17571 | Critical | 9.8 | 2019-12-20 | Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code… |
CVE-2019-2904 | Critical | 9.8 | 2019-10-16 | Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0… |
CVE-2019-2729 | Critical | 9.8 | 2019-06-19 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6… |
CVE-2017-5645 | Critical | 9.8 | 2017-04-17 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially… |
CVE-2021-2351 | High | 8.3 | 2021-07-21 | Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Diffi… |
CVE-2020-5398 | High | 7.5 | 2020-01-17 | In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a refle… |
CVE-2019-0227 | High | 7.5 | 2019-05-01 | A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits c… |
CVE-2018-15756 | High | 7.5 | 2018-10-18 | Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide suppo… |
CVE-2018-1000632 | High | 7.5 | 2018-08-20 | dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an… |
CVE-2020-1945 | Medium | 6.3 | 2020-05-14 | Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and… |
CVE-2019-10219 | Medium | 6.1 | 2019-11-08 | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious cod… |
CVE-2019-17091 | Medium | 6.1 | 2019-10-02 | faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, all… |
CVE-2018-8032 | Medium | 6.1 | 2018-08-02 | Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. |
CVE-2018-1271 | Medium | 5.9 | 2018-04-06 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to se… |
CVE-2020-5397 | Medium | 5.3 | 2020-01-17 | Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or… |
CVE-2018-1199 | Medium | 5.3 | 2018-03-16 | Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0… |