Oracle

Primavera Unifier

95 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2022-30126

  • EPSS 1.71%
  • Veröffentlicht 16.05.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 07:02:12

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the Standards...

5.5

CVE-2022-25169

  • EPSS 0.06%
  • Veröffentlicht 16.05.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:51:44

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

7.5

CVE-2020-36518

Exploit
  • EPSS 0.6%
  • Veröffentlicht 11.03.2022 07:15:07
  • Zuletzt bearbeitet 27.08.2025 21:15:36

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

8.5

CVE-2021-44832

Warnung
  • EPSS 53.59%
  • Veröffentlicht 28.12.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:31:34

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has ...

5.9

CVE-2021-45105

Warnung
  • EPSS 65.66%
  • Veröffentlicht 18.12.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:31:58

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service wh...

9.8

CVE-2021-23450

Exploit
  • EPSS 2.78%
  • Veröffentlicht 17.12.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 05:51:46

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

6.1

CVE-2021-41184

  • EPSS 22.09%
  • Veröffentlicht 26.10.2021 15:15:10
  • Zuletzt bearbeitet 21.11.2024 06:25:42

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string v...

6.1

CVE-2021-41182

Exploit
  • EPSS 22.27%
  • Veröffentlicht 26.10.2021 15:15:10
  • Zuletzt bearbeitet 21.11.2024 06:25:41

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any str...

9.8

CVE-2021-42575

Exploit
  • EPSS 0.97%
  • Veröffentlicht 18.10.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:50

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

5.9

CVE-2021-38153

  • EPSS 0.95%
  • Veröffentlicht 22.09.2021 09:15:07
  • Zuletzt bearbeitet 21.11.2024 06:16:30

Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0....