Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle primavera unifier 20.12 vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2022-25169
The BPG parser in versions of Apache Tika prior to 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
Apache Tika
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
5.5
CVSSv3
CVE-2022-30126
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, whic...
Apache Tika
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
9.8
CVSSv3
CVE-2020-25020
MPXJ up to and including 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.
Mpxj Mpxj
Oracle Primavera Unifier
Oracle Primavera Unifier 16.1
Oracle Primavera Unifier 16.2
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
9.8
CVSSv3
CVE-2021-42575
The OWASP Java HTML Sanitizer prior to 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
Owasp Java Html Sanitizer
Oracle Middleware Common Libraries And Tools 12.2.1.3.0
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
9.8
CVSSv3
CVE-2021-23450
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
Linuxfoundation Dojo
Oracle Communications Policy Management 12.6.0.0.0
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Debian Debian Linux 10.0
5.5
CVSSv3
CVE-2021-28657
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Apache Tika
Oracle Healthcare Foundation 7.3.0
Oracle Healthcare Foundation 8.0.0
Oracle Healthcare Foundation 8.1.0
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Communications Messaging Server 8.1
7.7
CVSSv3
CVE-2020-5258
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes t...
Linuxfoundation Dojo
Debian Debian Linux 8.0
Oracle Communications Application Session Controller 3.9.0
Oracle Communications Policy Management 12.5.0
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Documaker
Oracle Mysql
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Webcenter Sites 12.2.1.3.0
3.3
CVSSv3
CVE-2020-8908
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the ...
Google Guava
Quarkus Quarkus
Oracle Commerce Guided Search 11.3.2
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
Oracle Communications Pricing Design Center 12.0.0.4.0
Oracle Communications Pricing Design Center 12.0.0.5.0
Oracle Data Integrator 12.2.1.3.0
Oracle Data Integrator 12.2.1.4.0
Oracle Nosql Database
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
4 Github repositories
5.3
CVSSv3
CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Apache Httpclient
Quarkus Quarkus
Oracle Data Integrator 12.2.1.3.0
Oracle Data Integrator 12.2.1.4.0
Oracle Jd Edwards Enterpriseone Orchestrator
Oracle Jd Edwards Enterpriseone Tools
Oracle Nosql Database
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Pt Peopletools 8.57
Oracle Peoplesoft Enterprise Pt Peopletools 8.58
Oracle Peoplesoft Enterprise Pt Peopletools 8.59
4 Github repositories
6.1
CVSSv3
CVE-2021-41182
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altFi...
Jqueryui Jquery Ui
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
1 Github repository
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2024-51941
CVE-2024-24417
server-side request forgery
jd edwards enterpriseone tools
google
hardcoded
CVE-2025-21569
weblogic server
IDOR
CVE-2024-24418
CVE-2024-55591
CVE-2024-49138
peoplesoft enterprise cc common application objects
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »