Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
oracle primavera unifier 19.12 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain...
Apache Solr
Oracle Primavera Unifier 16.1
Oracle Primavera Unifier 16.2
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
39 Github repositories available
9.8
CVSSv3
CVE-2021-42575
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements....
Owasp Java Html Sanitizer
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
5.7
CVSSv3
CVE-2020-14617
Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12; Mobile App: Prior to 20.6. Easily exploitable vulnerability allows low...
Oracle Primavera Unifier 16.1
Oracle Primavera Unifier 16.2
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
9.8
CVSSv3
CVE-2021-23450
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function....
Linuxfoundation Dojo
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
Oracle Communications Policy Management 12.6.0.0.0
5.9
CVSSv3
CVE-2021-38153
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this...
Apache Kafka
Apache Kafka 2.8.0
Quarkus Quarkus
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
1 Github repository available
5.5
CVSSv3
CVE-2020-9489
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser....
Apache Tika 1.24
Oracle Flexcube Private Banking 12.0.0
Oracle Flexcube Private Banking 12.1.0
Oracle Primavera Unifier 16.1
Oracle Primavera Unifier 16.2
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Communications Messaging Server 8.1
1 Github repository available
5.5
CVSSv3
CVE-2021-28657
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later....
Apache Tika
Oracle Webcenter Portal 12.2.1.3.0
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Primavera Unifier 19.12
Oracle Webcenter Portal 12.2.1.4.0
Oracle Healthcare Foundation 7.3.0
Oracle Primavera Unifier 20.12
Oracle Communications Messaging Server 8.1
Oracle Healthcare Foundation 8.0.0
Oracle Healthcare Foundation 8.1.0
1 Github repository available
7.5
CVSSv3
CVE-2020-5258
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes...
Linuxfoundation Dojo
Debian Debian Linux 8.0
Oracle Communications Application Session Controller 3.9.0
Oracle Communications Policy Management 12.5.0
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Documaker
Oracle Mysql
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Webcenter Sites 12.2.1.3.0
Oracle Webcenter Sites 12.2.1.4.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
3.3
CVSSv3
CVE-2020-8908
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the...
Google Guava
Quarkus Quarkus
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Data Integrator 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Weblogic Server 14.1.1.0.0
Oracle Data Integrator 12.2.1.4.0
Oracle Nosql Database
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
Oracle Retail Customer Management And Segmentation Foundation
Oracle Communications Pricing Design Center 12.0.0.4.0
Oracle Communications Pricing Design Center 12.0.0.5.0
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Communications Cloud Native Core Network Repository Function 1.14.0
Oracle Primavera Unifier 21.12
Netapp Active Iq Unified Manager -
4 Github repositories available
5.3
CVSSv3
CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution....
Apache Httpclient
Quarkus Quarkus
Oracle Primavera Unifier 16.2
Oracle Primavera Unifier 16.1
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Primavera Unifier 18.8
Oracle Data Integrator 12.2.1.3.0
Oracle Primavera Unifier
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Data Integrator 12.2.1.4.0
Oracle Primavera Unifier 20.12
Oracle Jd Edwards Enterpriseone Orchestrator
Oracle Jd Edwards Enterpriseone Tools
Oracle Nosql Database
Oracle Peoplesoft Enterprise Pt Peopletools 8.57
Oracle Peoplesoft Enterprise Pt Peopletools 8.58
Oracle Peoplesoft Enterprise Pt Peopletools 8.59
Oracle Retail Customer Management And Segmentation Foundation
Oracle Spatial Studio
Oracle Sql Developer
Netapp Snapcenter -
Netapp Active Iq Unified Manager -
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Commerce Guided Search 11.3.2
Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
8 Github repositories available
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-29214
CVE-2022-29432
CVE-2022-1388
LFI
CVE-2022-1813
SSRF
CVE-2022-20821
CVE-2021-41834
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »