Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle middleware common libraries and tools 12.2.1.4.0 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-42575
The OWASP Java HTML Sanitizer prior to 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
Owasp Java Html Sanitizer
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Middleware Common Libraries And Tools 12.2.1.3.0
571
VMScore
CVE-2021-23926
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.
Apache Xmlbeans
Netapp Snap Creator Framework -
Netapp Snapmanager -
Netapp Oncommand Unified Manager Core Package -
Debian Debian Linux 9.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Middleware Common Libraries And Tools 12.2.1.3.0
356
VMScore
CVE-2021-30129
A vulnerability in sshd-core of Apache Mina SSHD allows an malicious user to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
Apache Sshd
Oracle Retail Customer Management And Segmentation Foundation 18.0
Oracle Flexcube Universal Banking
Oracle Retail Customer Management And Segmentation Foundation 19.0
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Banking Payments 14.5
Oracle Banking Trade Finance 14.5
Oracle Banking Treasury Management 14.5
Oracle Oss Support Tools 2.12.42
Oracle Flexcube Universal Banking 14.5
Oracle Middleware Common Libraries And Tools 14.1.1.0.0
Oracle Middleware Common Libraries And Tools 12.2.1.3.0
445
VMScore
CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions before 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinit...
Jsoup Jsoup
Quarkus Quarkus
Oracle Webcenter Portal 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Flexcube Universal Banking
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Webcenter Portal 12.2.1.4.0
Oracle Primavera Unifier 20.12
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Messaging Server 8.1
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Unifier 21.12
Oracle Banking Trade Finance 14.5
Oracle Banking Treasury Management 14.5
Oracle Flexcube Universal Banking 14.5
Oracle Hospitality Token Proxy Service 19.2
Oracle Retail Customer Management And Segmentation Foundation
Netapp Management Services For Element Software And Netapp Hci -
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Middleware Common Libraries And Tools 12.2.1.3.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
383
VMScore
CVE-2021-35043
OWASP AntiSamy prior to 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
Antisamy Project Antisamy
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.0
Oracle Retail Central Office 14.1
Oracle Banking Platform 2.6.2
Oracle Banking Platform 2.7.0
Oracle Banking Platform 2.7.1
Oracle Insurance Policy Administration 11.3.0
Oracle Insurance Policy Administration 11.0.2
Oracle Banking Enterprise Default Management 2.12.0
Oracle Banking Enterprise Default Management 2.10.0
Oracle Banking Party Management 2.7.0
Oracle Banking Platform
Oracle Banking Enterprise Default Managment
Oracle Insurance Policy Administration 11.1.0
Oracle Insurance Policy Administration 11.3.1
Oracle Banking Enterprise Default Management 2.7.0
Oracle Banking Enterprise Default Management 2.7.1
Oracle Banking Enterprise Default Management 2.6.2
446
VMScore
CVE-2021-42340
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the c...
Apache Tomcat 10.0.0
Apache Tomcat 10.1.0
Apache Tomcat
Netapp Hci -
Netapp Management Services For Element Software -
Debian Debian Linux 11.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Sd-wan Edge 9.0
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Managed File Transfer 12.2.1.4.0
Oracle Hospitality Cruise Shipboard Property Management System 20.1.0
Oracle Sd-wan Edge 9.1
Oracle Communications Diameter Signaling Router
Oracle Big Data Spatial And Graph
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Retail Customer Insights 15.0.2
Oracle Retail Customer Insights 16.0.2
Oracle Taleo Platform
Oracle Payment Interface 20.3
Oracle Payment Interface 19.1
Oracle Retail Eftlink 21.0.0
Oracle Retail Data Extractor For Merchandising 16.0.2
538
VMScore
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBi...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Jdeveloper 12.2.1.3.0
Oracle Identity Management Suite 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Network Integrity 7.3.6
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Advanced Supply Chain Planning 12.2
Oracle Advanced Supply Chain Planning 12.1
Oracle Communications Unified Inventory Management 7.4.1
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Healthcare Foundation 8.1.0
1 Article
801
VMScore
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Apache Chainsaw
Apache Log4j
Qos Reload4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Jdeveloper 12.2.1.3.0
Oracle Identity Management Suite 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Network Integrity 7.3.6
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Advanced Supply Chain Planning 12.2
Oracle Advanced Supply Chain Planning 12.1
Oracle Communications Unified Inventory Management 7.4.1
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Healthcare Foundation 8.1.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
1 Github repository
1 Article
606
VMScore
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows malicious users to manipulate the SQL by ent...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Jdeveloper 12.2.1.3.0
Oracle Identity Management Suite 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Network Integrity 7.3.6
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Advanced Supply Chain Planning 12.2
Oracle Advanced Supply Chain Planning 12.1
Oracle Communications Unified Inventory Management 7.4.1
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Healthcare Foundation 8.1.0
2 Github repositories
1 Article
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started