Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle middleware common libraries and tools 12.2.1.4.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-42575
The OWASP Java HTML Sanitizer prior to 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
Owasp Java Html Sanitizer
Oracle Middleware Common Libraries And Tools 12.2.1.3.0
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
9.1
CVSSv3
CVE-2021-23926
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.
Apache Xmlbeans
Netapp Oncommand Unified Manager Core Package -
Netapp Snap Creator Framework -
Netapp Snapmanager -
Debian Debian Linux 9.0
Oracle Middleware Common Libraries And Tools 12.2.1.3.0
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
6.5
CVSSv3
CVE-2021-30129
A vulnerability in sshd-core of Apache Mina SSHD allows an malicious user to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
Apache Sshd
Oracle Banking Payments 14.5
Oracle Banking Trade Finance 14.5
Oracle Banking Treasury Management 14.5
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Flexcube Universal Banking
Oracle Flexcube Universal Banking 14.5
Oracle Middleware Common Libraries And Tools 12.2.1.3.0
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Middleware Common Libraries And Tools 14.1.1.0.0
Oracle Oss Support Tools 2.12.42
Oracle Retail Customer Management And Segmentation Foundation 18.0
7.5
CVSSv3
CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions before 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinit...
Jsoup Jsoup
Quarkus Quarkus
Oracle Banking Trade Finance 14.5
Oracle Banking Treasury Management 14.5
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Flexcube Universal Banking
Oracle Flexcube Universal Banking 14.5
Oracle Hospitality Token Proxy Service 19.2
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Unifier 20.12
6.1
CVSSv3
CVE-2021-35043
OWASP AntiSamy prior to 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
Antisamy Project Antisamy
Oracle Retail Back Office 14.0
Oracle Retail Back Office 14.1
Oracle Retail Central Office 14.0
Oracle Retail Central Office 14.1
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 14.1
Oracle Banking Enterprise Default Management 2.6.2
Oracle Banking Enterprise Default Management 2.7.0
Oracle Banking Enterprise Default Management 2.7.1
Oracle Banking Enterprise Default Management 2.10.0
Oracle Banking Enterprise Default Management 2.12.0
7.5
CVSSv3
CVE-2021-42340
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the c...
Apache Tomcat
Apache Tomcat 10.0.0
Apache Tomcat 10.1.0
Netapp Hci -
Netapp Management Services For Element Software -
Debian Debian Linux 11.0
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Big Data Spatial And Graph
Oracle Communications Diameter Signaling Router
Oracle Hospitality Cruise Shipboard Property Management System 20.1.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Managed File Transfer 12.2.1.4.0
8.8
CVSSv3
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBi...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Advanced Supply Chain Planning 12.1
Oracle Advanced Supply Chain Planning 12.2
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
2 Articles
8.8
CVSSv3
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Apache Chainsaw
Apache Log4j
Qos Reload4j
Oracle Advanced Supply Chain Planning 12.1
Oracle Advanced Supply Chain Planning 12.2
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
Oracle Communications Instant Messaging Server 10.0.1.5.0
1 Github repository
1 Article
9.8
CVSSv3
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows malicious users to manipulate the SQL by ent...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Advanced Supply Chain Planning 12.1
Oracle Advanced Supply Chain Planning 12.2
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
2 Github repositories
1 Article
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2024-51941
CVE-2024-24417
server-side request forgery
jd edwards enterpriseone tools
google
hardcoded
CVE-2025-21569
weblogic server
IDOR
CVE-2024-24418
CVE-2024-55591
CVE-2024-49138
peoplesoft enterprise cc common application objects
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started