Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle primavera unifier 21.12 vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2022-30126
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, whic...
Apache Tika
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
5.5
CVSSv3
CVE-2022-25169
The BPG parser in versions of Apache Tika prior to 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
Apache Tika
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
5.3
CVSSv3
CVE-2020-35460
common/InputStreamHelper.java in Packwood MPXJ prior to 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
Mpxj Mpxj
Oracle Primavera Unifier
Oracle Primavera Unifier 16.1
Oracle Primavera Unifier 16.2
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 21.12
9.8
CVSSv3
CVE-2021-42575
The OWASP Java HTML Sanitizer prior to 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
Owasp Java Html Sanitizer
Oracle Middleware Common Libraries And Tools 12.2.1.3.0
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
9.8
CVSSv3
CVE-2021-23450
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
Linuxfoundation Dojo
Oracle Communications Policy Management 12.6.0.0.0
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Debian Debian Linux 10.0
3.3
CVSSv3
CVE-2020-8908
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the ...
Google Guava
Quarkus Quarkus
Oracle Commerce Guided Search 11.3.2
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
Oracle Communications Pricing Design Center 12.0.0.4.0
Oracle Communications Pricing Design Center 12.0.0.5.0
Oracle Data Integrator 12.2.1.3.0
Oracle Data Integrator 12.2.1.4.0
Oracle Nosql Database
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
4 Github repositories
6.1
CVSSv3
CVE-2021-41182
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altFi...
Jqueryui Jquery Ui
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
1 Github repository
5.9
CVSSv3
CVE-2021-38153
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnera...
Apache Kafka
Apache Kafka 2.8.0
Quarkus Quarkus
Oracle Communications Brm - Elastic Charging Engine
Oracle Communications Brm - Elastic Charging Engine 12.0.0.5.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Behavior Detection Platform
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Enterprise Case Management 8.0.7.1
6.1
CVSSv3
CVE-2021-41184
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option...
Jqueryui Jquery Ui
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
7.5
CVSSv3
CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions before 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinit...
Jsoup Jsoup
Quarkus Quarkus
Oracle Banking Trade Finance 14.5
Oracle Banking Treasury Management 14.5
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Flexcube Universal Banking
Oracle Flexcube Universal Banking 14.5
Oracle Hospitality Token Proxy Service 19.2
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Unifier 20.12
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
remote attackers
buffer overflow
CVE-2024-50603
CVE-2025-0282
CVE-2025-21382
CVE-2025-23041
XXE
CVE-2025-21374
CVE-2025-22996
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »