Oracle

Webcenter Portal

90 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-21348

  • EPSS 0.2%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:42:08

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is aff...

9.8

CVE-2021-21347

Exploit
  • EPSS 2.63%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:41:49

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

9.8

CVE-2021-21346

Exploit
  • EPSS 3.97%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:41:29

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

7.5

CVE-2021-21341

Exploit
  • EPSS 23.43%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:38:30

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel executio...

9.1

CVE-2021-21342

Exploit
  • EPSS 1.02%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:39:23

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStr...

7.5

CVE-2021-21343

Exploit
  • EPSS 0.62%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:40:13

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStr...

9.8

CVE-2021-21344

Exploit
  • EPSS 28.06%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:40:53

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

9.9

CVE-2021-21345

Exploit
  • EPSS 86.96%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:41:10

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the proc...

8.1

CVE-2020-36183

Exploit
  • EPSS 2.72%
  • Veröffentlicht 07.01.2021 00:15:15
  • Zuletzt bearbeitet 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

8.1

CVE-2020-36182

Exploit
  • EPSS 2.51%
  • Veröffentlicht 07.01.2021 00:15:14
  • Zuletzt bearbeitet 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.